US5797128A - System and method for implementing a hierarchical policy for computer system administration - Google Patents
System and method for implementing a hierarchical policy for computer system administration Download PDFInfo
- Publication number
- US5797128A US5797128A US08/856,038 US85603897A US5797128A US 5797128 A US5797128 A US 5797128A US 85603897 A US85603897 A US 85603897A US 5797128 A US5797128 A US 5797128A
- Authority
- US
- United States
- Prior art keywords
- policy
- computer
- policies
- class name
- input object
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/468—Specific access rights for resources, e.g. using capability register
Definitions
- the present invention relates, in general to a system and method for implementing a hierarchical policy for computer system administration. More particularly, the present invention relates to a system and method for implementing a hierarchical policy for computer system administration which allows a less experienced system administrator to perform more difficult system administrative activities while concomitantly increasing his efficiency of operation.
- a high level policy may be: "Protection from Loss” which may be refined to "Backup weekly.” This approach is extremely limited and differs fundamentally from the concepts disclosed in the present invention hereinafter. Moreover, Sloman and Moffet do not discuss how "mix-ins" of policies may be applied to managed objects and they do not discuss the use of templates.
- X/Open also includes policy as one of the services provided in their framework for systems management. See, for example: X/Open, "Systems Management: Management Services for an OMG Environment (Draft 0.5)", Dec. 19, 1994.
- the approach therein proposed utilizes the concept of policy regions, which, while superficially bearing on the policy groups disclosed in the present invention, does not specify any inheritance semantics for hierarchies of such policy regions and only allows a managed object to be a member of a single policy region.
- X/Open does not allow multiple templates for the same object type in a given policy region.
- the X/Open approach does not support the inheritance, template and membership semantics necessary to adequately implement a satisfactory hierarchical policy for computer system administration.
- the system and method of the present invention advantageously overcomes the deficiencies of such previous approaches and supports "mix-ins", inheritance, template and membership semantics through use of a policy model which allows a relatively junior system administrator to perform the more difficult computer system administration tasks of a senior system administrator. In so doing, the cost of system ownership is lowered by reducing the amount of expertise required to manage an organization's computer systems thereby allowing for the reduction of the number of senior system administrators required in its operation.
- policy has two basic services which are used to effectuate this improvement, a) services for the standardization of computer system configuration; and services to reduce/limit damage of non-malicious misuse of the computer system.
- Policy is specified in terms of: 1) managed objects and 2) managed object attributes.
- Managed objects are abstractions of resources which are manipulated by system administrators. All managed objects are instantiations of a managed object class.
- a managed object type (or class) describes a group of objects with similar properties (attributes), common behavior (operations), common relationships to other managed objects and common semantics.
- Types (or Classes) of managed object include, for example: users, hosts and printers. An example of a managed object would be a particular computer user: "User”.
- managed object attributes are the characteristics (or properties) of a managed object.
- Management applications manipulate a managed object's attributes in order to administer a managed object. Examples of possible attributes for a managed object of the type: "User” include: user name, user id ("UID”), group id (“GID”), password, home directory and mail spool location.
- UID user id
- GID group id
- System administrators cannot generally define types of managed objects or their associated attributes, as new types of managed object must generally be defined by the developers of the resources. However, system administrators can create and delete managed objects of defined managed object types and can manipulate the attributes of the managed objects they create.
- a managed object may be composed of attributes, and policies can be specified for each of the managed object attributes.
- a managed object of class X may have attributes: A, B and C.
- Each of these attributes can have a policy.
- a specific example of a policy is that the length of the password attribute of a user object must be greater than six characters.
- policies there can be corporate, division and group policies. Each of these policies has a scope of influence. For example, the corporate policy must be followed throughout the enterprise, the division policy must be followed throughout the division and so on. This characteristic produces a nesting of policies: a managed object in a given division must follow the division and corporate policies. Therefore, the policy services must support a nesting of policies.
- policies are associated with policy groups and policy groups can be arranged in a hierarchical manner.
- a policy group may also have a set of managed objects associated with it and the managed objects associated with a given policy group must follow the policies associated with the policy group.
- FIG. 1A is a simplified representation of a general purpose workstation computer forming a portion of the operating environment in which the present invention is used;
- FIGS. 1B and 1C illustrate the general architecture of one possible implementation of the system and method for implementing a hierarchical policy for system administration of the present invention utilizing a client-server configuration illustrating, respectively, the use of the system by a relatively junior system administrator (for example, to change a user password) and the management of the system by a more experienced system administrator to possibly alter policies by adding, deleting or modifying the interrelationship between policies in a policy hierarchy;
- FIG. 2 is a representative class diagram illustrating the inheritance and containment in a possible class hierarchy for a managed object which may include, for example, a host computer or a policy group which contains managed objects and wherein a policy group has children which are managed objects and a managed object has parents which are policy groups;
- FIG. 3 is a simplified block diagram of a policy relationship having three policy groups: A, B and C, each having various policies forming a part thereof;
- FIG. 4 is a simplified block diagram of a representative mix-in of policy groups having the same managed object as a member
- FIG. 5 is a simplified block diagram of a possible basic environment for the system and method of the present invention wherein a representative portion of the organization previously illustrated is divided into functional sub-groups: Publications ("PUBs”) and Human Relations ("HR");
- PUBs Publications
- HR Human Relations
- FIG. 6 is a further diagram of the environment of FIG. 5 illustrative of certain policies associated with the PUBs and HR organizational functions respectively;
- FIG. 7 is a further simplified diagram of the hypothetical physical layout of the Springs site associated with the preceding figures showing a representative breakdown of the various local area networks (“LANs”) in use;
- LANs local area networks
- FIG. 8 is a follow-on diagram illustrating the Springs site geography, the physical layout of the LANs with their respective policies and the various managed objects previously illustrated;
- FIG. 9 is a specific example of a policy mix-in for the user: "Johnson” wherein he is a member of both the HR and South Wing LAN policy groups;
- FIG. 10 is a simplified block diagram of a single policy group associated with a number of User and Host templates for a particular managed object
- FIGS. 11A and 11B are a representative flow chart for the implementation of the hierarchical policy for system administration disclosed for the function: ManagedObject::ValidateProposedValue(AttributeName, AttributeValue);
- FIGS. 12A and 12B are a representative flow chart for the implementation of the function: PolicyGroup::GetPolicies(ManagedObjectClass, AttributeName); and
- FIG. 13 is a representative flow chart for the implementation of the function: User::set -- UserIdentifier(newValue).
- the environment in which the present invention is used encompasses the general distributed computing system, wherein general purpose computers, workstations or personal computers are connected via communication links of various types, in a client-server arrangement, wherein programs and data, many in the form of objects, are made available by various members of the system for execution and access by other members of the system.
- FIG. 1A Some of the elements of a general purpose workstation computer are shown in FIG. 1A, wherein a processor 1 is shown, having an input/output (“I/O") section 2, a central processing unit (“CPU”) 3 and a memory section 4.
- the I/O section 2 is connected to a keyboard 5, a display unit 6, a disk storage unit 9 and a compact disk read only memory (“CDROM”) drive unit 7.
- CDROM compact disk read only memory
- the CDROM unit 7 can read a CDROM medium 8 which typically contains programs 11 and data.
- the computer program products containing mechanisms to effectuate the apparatus and methods of the present invention may reside in the memory section 4, or on a disk storage unit 9 or on the CDROM 8 of such a system.
- FIGS. 1B and 1C the general architecture of one possible implementation of a computer system 10 utilizing the system and method for implementing a hierarchical policy for system administration of the present invention is shown utilizing, for example, a client-server configuration.
- FIG. 1B The use of the computer system 10 by a junior system administrator 12 is shown in FIG. 1B wherein the system administrator 12 accesses the client computer 14 through a user interface (not shown).
- the client computer 14 has a directly associated database 18.
- the client computer 14 is also coupled to a server computer 20 having a predetermined policy group comprising a number of policies 22 associated therewith as will be more fully described hereinafter.
- the server computer 20 also has an associated database 24 which may reside on an internal or external computer mass storage subsystem. In the client-server model illustrated, most of the policies 22 may reside in the server computer 20 database 24 although it is also possible that they may be resident elsewhere in the computer system 10.
- FIG. 1C the management of the computer system 10 is shown in FIG. 1C wherein a senior system administrator is illustrated as a system management function 26 accessing a client computer 14 through a user interface (not shown) for initially establishing the various policies 22 of a policy group for the server computer 20 which may be retained within an associated database 24.
- the system management function 26 allows the senior system administrator to change the hierarchies among various policies 22 and to add, delete or modify the policies 22 within a particular hierarchy.
- the management of the computer system 10 shown in FIG. 1C is, in a sense, recursive with the use illustrated in FIG. 1B inasmuch as use of the computer system 10 is also a management of it.
- the client computer 14 is accessed directly through the user interface as shown in FIG. 1B.
- the client computer 14 then makes a request of the server computer 20, which then runs through the policies 22 maintained in its database 24 to determine which ones apply to the specific request.
- the polices 22 that are thereafter returned to the client computer 14 are the ones that the senior system administrator has previously and independently determined were relevant to the particular request and were input to the server computer 20 database 24 as shown in FIG. 1C.
- the policies 22 returned to the client computer 14 as relevant to the request are then stored in the database 18 and evaluated. If the password change proposed by the junior systems administrator 12 passes all of the policies 22 returned from the server computer 20, the change may then be made.
- FIG. 2 a representative class diagram 30 illustrating the inheritance in a possible class hierarchy for a managed object which may include, for example, a host computer 34 or a policy group 36 which contains the managed objects 32.
- a policy group 36 has children which are managed objects 32.
- a managed object 32 has parents which are policy groups 36.
- OO object oriented
- a number of classes may be defined which may, in turn, relate to types of objects. These classes are then refined into subclasses of classes.
- a class could comprise "persons" (a managed object 32) with subclasses of "persons” being “employees” (a policy group 36).
- An "address” may be associated with the class of "persons” while “salary” may be associated with “employees”.
- "employees" (a policy group 36) inherit all the characteristics of "persons" (a managed object 32) inclusive of names, addresses and the like. Stated another way, a managed object 32 can have subclasses such as host 34 and policy group 36 and a policy group 36 can have superclasses such as managed object 32.
- Policy arrangement 40 illustrates three policy groups: Policy Group A 42, Policy Group B 46 and Policy Group C 48.
- a policy is defined by a managed object type and an attribute.
- Policy Group A 42 there are two policies.
- the first policy is for the password attribute of the User type. This policy states that the length of the password attribute must be greater than six characters. This implies that the user managed object Jones 44, which is a member of Policy Group A 42, must have a password which is greater than 6 characters.
- the second policy is for the swap space attribute of a host type managed object. This second policy states that the value of the swap space attribute must be greater than 200.
- Policy Group A 42 is seen to contain a policy for hosts as well as for users.
- Policy Group B 46 and Policy Group C 48 are "children" of Policy Group A. This means that Policy Groups B and C 46,48 must follow the policies in Policy Group A 42 in addition to their locally defined policies. Therefore, user type managed objects (such as user managed object Smith 52) which are members of Policy Group B 46 must follow the user password length policy defined in Policy Group A 42 and the locally defined policy for the GID attribute of the user type (wherein GID must equal 41). In addition, the host managed object Cheyenne 50 must also follow the host policies inherited from Policy Group A 42. That is, the value of Cheyenne 50's swap space attribute must be greater than 200.
- Policy Group C 48 has a policy defined for the same managed object type and attribute as one of its parents (e.g. user password).
- a user managed object such as user managed object Johnson 54, which is a member of Policy Group C 48, must satisfy the parent's (Policy Group A 42) policies for user password as well as its local policies for user password.
- Policy Group A 42 the parent's policies for user password as well as its local policies for user password.
- the password attribute for a user managed object Johnson 54 which is a member of policy group C 48 must have password length which is greater than six characters (per Policy Group A 42) and the password must contain a numeric character (per Policy Group 48).
- a policy mix-in 60 is shown.
- types of policies that system administrators may define.
- a system administrator may define rules for performance optimization. These rules could be based on the physical location relationships among managed objects (a geographical basis) or these rules could be based on the particular implementation of a particular resource.
- a specific example may be insuring that the system that maintains the mail spool for a given user resides on the same LAN that connects the user's office to the network.
- a system administrator may also define rules to help insure the security or the accountability of a resource and these rules may be based, for example, on a given managed object's relationships among enterprise organizations (an organizational basis). Specific examples may include assigning the same GID to all members of a given organization or project or to ensure that the same rules for password selection are followed by all members of a given group of users (e.g. the length of the password must be greater than 6 characters).
- a system administrator may further define rules to insure the standardization of the system configuration (a standardization of configuration basis). Many times these rules are based on the type and the particular use of a given resource. Examples include defining a common pattern for the location of the mail file (e.g. /var/mail/ ⁇ username>).
- a given managed object 68 may have some attributes governed by performance considerations, some attributes governed by security considerations and some attributes governed by configuration standardization considerations. Moreover, given the wide range of considerations or types of policies, it is very unlikely that the system administrator would want to combine these types of policies into a single hierarchy and the system administrator may want to define specialized hierarchies for different policy types.
- a given user managed object 68 could be a member of a policy region which specializes in security policies (such as an organizational based policy group 64), a member of a policy region which specializes in performance (such as a geographical based policy group 62) and a member of a policy region that supports standardization of configuration (such as standard configuration based policy group 66).
- policies and policy groups may be better understood.
- the assumption is made that the user type of managed object (Jones 76, Smith 78, Johnson 80 and Jackson 82) might have the following attributes: name, UID, GID, password, mail spooler and home directory.
- the basic conditions and environment for the illustration are that the user managed objects are part of one organization which is managed by a given set of administrators, that is Springs organization 70.
- the Springs organization 70 is physically split on two local area networks: South Wing LAN 90 and North Wing LAN 92 and is also further divided into suborganizations based on function: the HR group 74 and PUBs group 72.
- the PUBs group 72 has users: Jones 76 and Smith 78 while the HR group 74 has users Johnson 80 and Jackson 82.
- Offices served by the North Wing LAN 92 include Johnson's office 106 and Jackson's office 108.
- Offices served by the South Wing LAN 90 include Jones'office 102 and Smith's office 104.
- Each of the subgroups of the Springs organization 70 must have a different GID and each member of a subgroup must have the same GID.
- All users in the HR group 74 in addition to having a password greater than 6 characters in length must also have a non-alphabetic character in their password.
- policy groups can be nested. That is, a policy group can contain other policy groups.
- a policy group which is contained by other policy groups inherits the policies defined by the containing groups.
- the members of HR and PUBs policy groups 74, 72 inherit the policies from the Springs organization 70 policy group (User password length>6).
- the members of the HR group 74 must satisfy another constraint regarding user password, wherein it must include at least one non-alphabetic character.
- members of the HR group 74 must also have a GID of 41 and the members of the PUBs group 72 must have a GID of 40.
- a managed object can be a member of multiple policy groups.
- the overall Springs Geography 110 is shown.
- the user Jackson 82 is a member of the HR group 74 (FIGS. 5 and 6) and the North Wing LAN 92 policy groups (FIG. 7).
- the user Johnson 106 is a member of the HR policy group 112 as well as the North Wing LAN policy group 114. Similar illustrations demonstrating which policies apply to users Jones 76 and Smith 78 may be readily constructed to depict their membership in multiple policy groups and the policies of the respective policy groups.
- the senior system administrator can have mandatory and advisory policies.
- a mandatory policy does not allow the proposed change to be made if it violates policy.
- an advisory policy would identify the policy violation and allow the object to be saved.
- the proposed attribute value is checked to verify that the proposed value follows the policies in all of the policy groups of which the managed object is a member. If the proposed value does not follow policy then the proposed attribute modification is not allowed.
- a policy group 120 is shown in conjunction with a pair of user templates 122, 124, a host template 126 and a managed object 128.
- both templates and clones may be used to provide initial values for attributes when a managed object 128 is created.
- Templates 122-126 are associated with policy groups and the values for the attributes specified in the template must follow the policies associated with the policy group 120.
- the policy group 120 can be associated with multiple templates 122-126 for the same type of managed object 128.
- a policy group can also be associated with multiple templates for different types of managed objects (e.g. user templates 122, 124 and host template 126). Not all of the attributes of a template need to have values specified.
- templates can also be used to simplify the policy group hierarchy for the junior system administrator. Templates can be used in a manner akin to book marks to indicate to the junior system administrator which policy groups he can create in new instances. This functionality should be closely integrated with the user interface technology of the computer system 10 (FIGS. 1B and 1C).
- the system and method of the present invention also supports the cloning of managed objects.
- a clone has all of the same attribute values of the master except for the attributes used to identify the instance of the object.
- the clone is a member of all of the same policy groups as the master.
- the master must be a managed object that follows all of the policies associated with its memberships.
- the system administrator might, for example, clone the user Jackson 82.
- the clone would be a member of the HR policy group 74 and the North Wing LAN 92 policy group.
- Cloning and the use of templates saves the system administrator time because not all system administrators need to learn the semantics and determine the appropriate values of each attribute.
- a senior system administrator can define the "master" or template, for use by the junior system administrators.
- the system administrator does not need to manually enter the values for any of the attributes and he can merely accept the values of the clone or template. This results in the system administrator becoming more efficient and less prone to entry errors.
- the disciplined use of clones and templates can go a long way toward ensuring the standardization of managed object configurations.
- FIGS, 11A and 11B a representative flowchart for implementing the function of determining whether or not a proposed attribute for a managed object follows policy is shown in conjunction with the following pseudocode of Block 1 for implementing the process.
- the pseudocode provided hereinafter parallels that of known OO programming languages such as C++ and SmalltalkTM for ease of understanding.
- step 138 if the parent iterator is not at the end of the set -- of -- parent -- PolicyGroup set, at step 140, the policy group pointed to by the parent iterator calls the function getPolicies and assigns the result to tmp -- set. At steps 142 and 144 the members of the tmp -- set are added to the set -- of -- policies -- for -- eval and the parent iterator is moved to the next member of the set -- of -- parent -- PolicyGroup set. On the other hand, if at decision step 138, the parent iterator is now at the end of the set -- of -- parent -- PolicyGroup set, at step 140, the process 130 proceeds to step 146 to set the policy iterator to the beginning of the set -- of -- policies -- for -- eval set.
- the program process 130 instructs the server computer 20 (FIG. 1B) to retrieve all policies of the parents of the managed object from its database 24 which relate to a particular attribute of the managed object.
- the policies returned are then evaluated with regard to the proposed value and, if the value fails any of the policies, the proposed value for the attribute fails.
- the system relies on the policy group to determine who the parents of the managed object are and whether or not they have any policies which relate to the proposed attribute value (i.e. user passwords).
- a recursive search of the tree of policy groups is undertaken by the server computer 20 and its associated database 24 as previously input by the senior system administrator (FIG. 1C).
- a representative process flow 160 is shown to enable the retrieval of the applicable policies given the class name of the managed object and the name of the managed object attribute (i.e. password).
- the process flow 160 illustrated parallels the pseudocode of Block 2 following.
- a set named return -- set -- of -- policies is created and a policy iterator is created and set to begin set -- of -- polices at step 164.
- the policy iterator is tested to determine if it is at the end of the set -- of -- policies. If true, the parent iterator is set to the beginning of the set -- of -- parent -- PolicyGroup at step 174. If false, the className and the name of the policy pointed to by the iterator is tested at decision step 168 to determine if it is the same as the ManagedObject class and the attributeName is passed into this function.
- step 170 If true, the policy pointed to by the iterator is added to the return -- set -- of -- policies at step 170 and the iterator is moved to the next member of the set -- of -- policies at step 172. If false, step 170 is bypassed and the process 160 proceeds to step 172 and then returns to decision step 166.
- decision step 176 determines whether the parent iterator points to the end of set -- of -- parent -- PolicyGroup. If true, the process 160 then proceeds directly to step 184 to return return -- set -- of -- policies. If false, the value returned from the call to the getPolicies (className -- of -- MandagedObject, name -- of -- attribute) for the parent pointed to by the parent iterator is assigned to set -- of -- policies at step 178. Thereafter at step 180, the set -- of -- policies is added to the return -- set -- of -- policies and the iterator is moved to the next member of the set -- of -- patent -- PolicyGroup at step 182. The process 160 then returns to decision step 176.
- policies that are local to the policy group. They are analyzed to determine whether there is a match on class name and attribute name. If a match is found, the policy is placed in the set that will be returned. After the local search, the parents are queried as to policies for the particular class and attribute and the policies returned are also added to the set to be returned. The completed set is then returned and that is passed down to the managed object making the request where the evaluation as to policy compliance takes place.
- policy groups contain a list of policies, and each policy in that list has a class name and attribute to indicate to what the policy applies.
- the policy expression in fact, may be the policy itself.
- Each policy has a function called “validate” and the proposed value is placed in the policy to return a "true” or “false” indication for the value.
- the process 190 begins at decision step 192 to where the proposed value is tested as to UserIdentifier and newvalue to validate to true. If true, the UserIdentifer is assigned to newvalue at step 194 and the process 190 is completed at return step 196. If false, step 194 is bypassed directly to return step 196.
- policies are rules for the values of the attributes of managed objects.
- Policy groups are the basic building block of this model and they associate a set of policies with a set of managed objects. Further, policy groups can be members of other policy groups and a policy group inherits the policies of its parent policy groups. This feature can be used to support the hierarchical specification of policy.
- the system and method herein disclosed allows a given policy group to have multiple parents which, in turn, allows the "mix-in" of policies from the parents.
- Standardization reduces the complexity of the day-to-day system administration function because there is less information to maintain and understand and because there are fewer special cases.
- the standardization herein proposed makes it easier to optimize and troubleshoot particular configurations. Utilizing cloning and templates provides a voluntary means for standardization while validation policies and policy groups provide more of a mandatory means of standardization.
- polices can be used to restrict the set of values for a given attribute to a "safe" set of values and the policy group mechanism insures that a managed object's attributes can only assume safe values.
Abstract
A system and method for implementing a hierarchical policy for computer system administration which is extremely flexible in assigning policies to managed objects. Policies are defined to be rules for the values of the attributes of managed objects. Policy groups comprise the basic building blocks and they associate a set of policies with a set of managed objects. Policy groups can also be members of other policy groups and a policy group inherits the policies of its parent policy groups supporting the hierarchical specification of policy. A given policy group may have multiple parents which allows the "mix-in" of policies from the parents. Cloning and templates in conjunction with validation policies and policy groups provide standardization and a concomitant reduction in system administration complexity.
Description
The present application is a continuation of U.S. patent application Ser. No. 08/497,729 for SYSTEM AND METHOD FOR IMPLEMENTING A HIERARCHICAL POLICY FOR COMPUTER SYSTEM ADMINISTRATION, filed Jul. 3, 1995 and now abandoned.
The present invention relates, in general to a system and method for implementing a hierarchical policy for computer system administration. More particularly, the present invention relates to a system and method for implementing a hierarchical policy for computer system administration which allows a less experienced system administrator to perform more difficult system administrative activities while concomitantly increasing his efficiency of operation.
M. S. Sloman and J. D. Moffet have published several papers on policy. See, for example: Sloman, M. S., Moffet, J. D. and Twiddle, K. P.: "Domino Domains and Policies: An Introduction to the Project Results" Domino Paper Arch/IC/4 20 Feb. 1992. Dept. of Computing, Imperial College, University of London; Moffet, J. D. and Sloman, M. S.: "Representation of Policies as System Objects" November 1991, SIGOIS Bulletin Vol 12, nos 2 & 3, pp 171-184; and Moffet, J. D. and Sloman, M. S.: "Policy Conflict Analysis in Distributed System Management", 12 Apr. 1993, scheduled to appear in the Journal of Organizational Computing. In the first listed paper, the authors introduce the concept of "domains" which associate a set of managed objects with a common set of policies.
Messrs. Sloman and Moffet also describe policy hierarchies. However, the hierarchies discussed are merely based on the refinement of high level general policies. For example, a high level policy may be: "Protection from Loss" which may be refined to "Backup weekly." This approach is extremely limited and differs fundamentally from the concepts disclosed in the present invention hereinafter. Moreover, Sloman and Moffet do not discuss how "mix-ins" of policies may be applied to managed objects and they do not discuss the use of templates.
X/Open also includes policy as one of the services provided in their framework for systems management. See, for example: X/Open, "Systems Management: Management Services for an OMG Environment (Draft 0.5)", Dec. 19, 1994. The approach therein proposed utilizes the concept of policy regions, which, while superficially bearing on the policy groups disclosed in the present invention, does not specify any inheritance semantics for hierarchies of such policy regions and only allows a managed object to be a member of a single policy region. Moreover, X/Open does not allow multiple templates for the same object type in a given policy region. In brief, the X/Open approach does not support the inheritance, template and membership semantics necessary to adequately implement a satisfactory hierarchical policy for computer system administration.
The system and method of the present invention advantageously overcomes the deficiencies of such previous approaches and supports "mix-ins", inheritance, template and membership semantics through use of a policy model which allows a relatively junior system administrator to perform the more difficult computer system administration tasks of a senior system administrator. In so doing, the cost of system ownership is lowered by reducing the amount of expertise required to manage an organization's computer systems thereby allowing for the reduction of the number of senior system administrators required in its operation.
As disclosed herein, policy has two basic services which are used to effectuate this improvement, a) services for the standardization of computer system configuration; and services to reduce/limit damage of non-malicious misuse of the computer system.
In the system and method herein disclosed, "Policy" is specified in terms of: 1) managed objects and 2) managed object attributes. Managed objects are abstractions of resources which are manipulated by system administrators. All managed objects are instantiations of a managed object class. A managed object type (or class) describes a group of objects with similar properties (attributes), common behavior (operations), common relationships to other managed objects and common semantics. Types (or Classes) of managed object include, for example: users, hosts and printers. An example of a managed object would be a particular computer user: "User".
On the other hand, managed object attributes are the characteristics (or properties) of a managed object. Management applications manipulate a managed object's attributes in order to administer a managed object. Examples of possible attributes for a managed object of the type: "User" include: user name, user id ("UID"), group id ("GID"), password, home directory and mail spool location.
System administrators cannot generally define types of managed objects or their associated attributes, as new types of managed object must generally be defined by the developers of the resources. However, system administrators can create and delete managed objects of defined managed object types and can manipulate the attributes of the managed objects they create.
With respect to policy services, it is disclosed herein that a managed object may be composed of attributes, and policies can be specified for each of the managed object attributes. For example, a managed object of class X may have attributes: A, B and C. Each of these attributes can have a policy. A specific example of a policy is that the length of the password attribute of a user object must be greater than six characters. Thus, utilizing the system and method disclosed herein, the senior administrator defines policy by specifying expressions that describe constraints for the attributes of a class of managed object.
Many system administration organizations have a hierarchical definition of policies. For example, there can be corporate, division and group policies. Each of these policies has a scope of influence. For example, the corporate policy must be followed throughout the enterprise, the division policy must be followed throughout the division and so on. This characteristic produces a nesting of policies: a managed object in a given division must follow the division and corporate policies. Therefore, the policy services must support a nesting of policies.
This system and method of the present invention herein disclosed also allows policies to be specified in a hierarchical manner. Policies are associated with policy groups and policy groups can be arranged in a hierarchical manner. A policy group may also have a set of managed objects associated with it and the managed objects associated with a given policy group must follow the policies associated with the policy group.
The foregoing and other features and objects of the present invention and the manner of attaining them will become more apparent and the invention itself will be best understood by reference to the following description of a preferred embodiment, taken in conjunction with the accompanying drawings, wherein:
FIG. 1A is a simplified representation of a general purpose workstation computer forming a portion of the operating environment in which the present invention is used;
FIGS. 1B and 1C illustrate the general architecture of one possible implementation of the system and method for implementing a hierarchical policy for system administration of the present invention utilizing a client-server configuration illustrating, respectively, the use of the system by a relatively junior system administrator (for example, to change a user password) and the management of the system by a more experienced system administrator to possibly alter policies by adding, deleting or modifying the interrelationship between policies in a policy hierarchy;
FIG. 2 is a representative class diagram illustrating the inheritance and containment in a possible class hierarchy for a managed object which may include, for example, a host computer or a policy group which contains managed objects and wherein a policy group has children which are managed objects and a managed object has parents which are policy groups;
FIG. 3 is a simplified block diagram of a policy relationship having three policy groups: A, B and C, each having various policies forming a part thereof;
FIG. 4 is a simplified block diagram of a representative mix-in of policy groups having the same managed object as a member;
FIG. 5 is a simplified block diagram of a possible basic environment for the system and method of the present invention wherein a representative portion of the organization previously illustrated is divided into functional sub-groups: Publications ("PUBs") and Human Relations ("HR");
FIG. 6 is a further diagram of the environment of FIG. 5 illustrative of certain policies associated with the PUBs and HR organizational functions respectively;
FIG. 7 is a further simplified diagram of the hypothetical physical layout of the Springs site associated with the preceding figures showing a representative breakdown of the various local area networks ("LANs") in use;
FIG. 8 is a follow-on diagram illustrating the Springs site geography, the physical layout of the LANs with their respective policies and the various managed objects previously illustrated;
FIG. 9 is a specific example of a policy mix-in for the user: "Johnson" wherein he is a member of both the HR and South Wing LAN policy groups;
FIG. 10 is a simplified block diagram of a single policy group associated with a number of User and Host templates for a particular managed object;
FIGS. 11A and 11B are a representative flow chart for the implementation of the hierarchical policy for system administration disclosed for the function: ManagedObject::ValidateProposedValue(AttributeName, AttributeValue);
FIGS. 12A and 12B are a representative flow chart for the implementation of the function: PolicyGroup::GetPolicies(ManagedObjectClass, AttributeName); and
FIG. 13 is a representative flow chart for the implementation of the function: User::set-- UserIdentifier(newValue).
The environment in which the present invention is used encompasses the general distributed computing system, wherein general purpose computers, workstations or personal computers are connected via communication links of various types, in a client-server arrangement, wherein programs and data, many in the form of objects, are made available by various members of the system for execution and access by other members of the system. Some of the elements of a general purpose workstation computer are shown in FIG. 1A, wherein a processor 1 is shown, having an input/output ("I/O") section 2, a central processing unit ("CPU") 3 and a memory section 4. The I/O section 2 is connected to a keyboard 5, a display unit 6, a disk storage unit 9 and a compact disk read only memory ("CDROM") drive unit 7. The CDROM unit 7 can read a CDROM medium 8 which typically contains programs 11 and data. The computer program products containing mechanisms to effectuate the apparatus and methods of the present invention may reside in the memory section 4, or on a disk storage unit 9 or on the CDROM 8 of such a system.
With reference now to FIGS. 1B and 1C, the general architecture of one possible implementation of a computer system 10 utilizing the system and method for implementing a hierarchical policy for system administration of the present invention is shown utilizing, for example, a client-server configuration.
The use of the computer system 10 by a junior system administrator 12 is shown in FIG. 1B wherein the system administrator 12 accesses the client computer 14 through a user interface (not shown). The client computer 14 has a directly associated database 18. The client computer 14 is also coupled to a server computer 20 having a predetermined policy group comprising a number of policies 22 associated therewith as will be more fully described hereinafter. The server computer 20 also has an associated database 24 which may reside on an internal or external computer mass storage subsystem. In the client-server model illustrated, most of the policies 22 may reside in the server computer 20 database 24 although it is also possible that they may be resident elsewhere in the computer system 10.
On the other hand, the management of the computer system 10 is shown in FIG. 1C wherein a senior system administrator is illustrated as a system management function 26 accessing a client computer 14 through a user interface (not shown) for initially establishing the various policies 22 of a policy group for the server computer 20 which may be retained within an associated database 24. The system management function 26 allows the senior system administrator to change the hierarchies among various policies 22 and to add, delete or modify the policies 22 within a particular hierarchy. The management of the computer system 10 shown in FIG. 1C is, in a sense, recursive with the use illustrated in FIG. 1B inasmuch as use of the computer system 10 is also a management of it.
In the particular example illustrated, if the system administrator 12 needs to modify the attributes of a particular user, for example, the user's password, the client computer 14 is accessed directly through the user interface as shown in FIG. 1B. The client computer 14 then makes a request of the server computer 20, which then runs through the policies 22 maintained in its database 24 to determine which ones apply to the specific request. The polices 22 that are thereafter returned to the client computer 14 are the ones that the senior system administrator has previously and independently determined were relevant to the particular request and were input to the server computer 20 database 24 as shown in FIG. 1C. The policies 22 returned to the client computer 14 as relevant to the request are then stored in the database 18 and evaluated. If the password change proposed by the junior systems administrator 12 passes all of the policies 22 returned from the server computer 20, the change may then be made.
With reference now to FIG. 2, a representative class diagram 30 illustrating the inheritance in a possible class hierarchy for a managed object which may include, for example, a host computer 34 or a policy group 36 which contains the managed objects 32. As depicted, a policy group 36 has children which are managed objects 32. A managed object 32 has parents which are policy groups 36. As will be described more fully hereinafter with respect to representative pseudocode for implementing the system and method of the present invention and the corresponding flowcharts of FIGS. 11A-B, 12A-B and 13, there is an interrelationship between managed objects 32 and policy groups 36 utilizing object oriented ("OO") programming concepts.
Utilizing OO concepts, a number of classes may be defined which may, in turn, relate to types of objects. These classes are then refined into subclasses of classes. As an example, a class could comprise "persons" (a managed object 32) with subclasses of "persons" being "employees" (a policy group 36). An "address" may be associated with the class of "persons" while "salary" may be associated with "employees". Utilizing a step-wise refinement, "employees" (a policy group 36) inherit all the characteristics of "persons" (a managed object 32) inclusive of names, addresses and the like. Stated another way, a managed object 32 can have subclasses such as host 34 and policy group 36 and a policy group 36 can have superclasses such as managed object 32.
With reference now to FIG. 3, an exemplary policy arrangement 40 in accordance with the present invention is shown. Policy arrangement 40 illustrates three policy groups: Policy Group A 42, Policy Group B 46 and Policy Group C 48. As has been previously mentioned, a policy is defined by a managed object type and an attribute. In Policy Group A 42 there are two policies. The first policy is for the password attribute of the User type. This policy states that the length of the password attribute must be greater than six characters. This implies that the user managed object Jones 44, which is a member of Policy Group A 42, must have a password which is greater than 6 characters. The second policy is for the swap space attribute of a host type managed object. This second policy states that the value of the swap space attribute must be greater than 200.
It is also important to note that a given policy group can contain policies for multiple types of managed objects. In the example of FIG. 3, Policy Group A 42 is seen to contain a policy for hosts as well as for users.
With reference now to FIG. 4 an example of a policy mix-in 60 is shown. By way of background, there are a number of "types" of policies that system administrators may define. As an example, a system administrator may define rules for performance optimization. These rules could be based on the physical location relationships among managed objects (a geographical basis) or these rules could be based on the particular implementation of a particular resource. A specific example may be insuring that the system that maintains the mail spool for a given user resides on the same LAN that connects the user's office to the network.
A system administrator may also define rules to help insure the security or the accountability of a resource and these rules may be based, for example, on a given managed object's relationships among enterprise organizations (an organizational basis). Specific examples may include assigning the same GID to all members of a given organization or project or to ensure that the same rules for password selection are followed by all members of a given group of users (e.g. the length of the password must be greater than 6 characters).
A system administrator may further define rules to insure the standardization of the system configuration (a standardization of configuration basis). Many times these rules are based on the type and the particular use of a given resource. Examples include defining a common pattern for the location of the mail file (e.g. /var/mail/<username>).
As is apparent from the foregoing examples, a given managed object 68 may have some attributes governed by performance considerations, some attributes governed by security considerations and some attributes governed by configuration standardization considerations. Moreover, given the wide range of considerations or types of policies, it is very unlikely that the system administrator would want to combine these types of policies into a single hierarchy and the system administrator may want to define specialized hierarchies for different policy types.
Separate hierarchies based on the "type" of policy allow a policy mix-in 60 approach to the assignment of policy to a particular managed object 68. A system administrator can, therefore, associate a given managed object with the specialized policy regions that provide the desired policies. Thus, as shown in FIG. 4, a given user managed object 68 could be a member of a policy region which specializes in security policies (such as an organizational based policy group 64), a member of a policy region which specializes in performance (such as a geographical based policy group 62) and a member of a policy region that supports standardization of configuration (such as standard configuration based policy group 66).
With reference to FIGS. 5, 6 and 7 and the following text, the concept of policies and policy groups may be better understood. In this exemplary illustration, the assumption is made that the user type of managed object (Jones 76, Smith 78, Johnson 80 and Jackson 82) might have the following attributes: name, UID, GID, password, mail spooler and home directory. The basic conditions and environment for the illustration are that the user managed objects are part of one organization which is managed by a given set of administrators, that is Springs organization 70.
The Springs organization 70 is physically split on two local area networks: South Wing LAN 90 and North Wing LAN 92 and is also further divided into suborganizations based on function: the HR group 74 and PUBs group 72. The PUBs group 72 has users: Jones 76 and Smith 78 while the HR group 74 has users Johnson 80 and Jackson 82. Offices served by the North Wing LAN 92 include Johnson's office 106 and Jackson's office 108. Offices served by the South Wing LAN 90 include Jones'office 102 and Smith's office 104.
In the example illustrated, the following are assumed to be policies of the Springs organization 70:
1) The location of the mail spooler and home directory must be local to the LAN at which the user's office resides.
a) as to the North Wing LAN 92:
i. the mail spooler for users whose offices are serviced by this LAN 92 must be the host Springs 98; and
ii. the home directory for users whose offices are serviced by this LAN 92 must be on hosts Rocky 100 or Springs 98.
b) as to the South Wing LAN 90:
i. the mail spooler for users whose offices are serviced by this LAN 90 must be the host Mastermind 94; and
ii. the home directory for users whose offices are serviced by this LAN 90 must be on hosts Mastermind 94 or Cheyenne 96.
2) All Users in the Springs organization 70 must have a password which is greater than 6 characters in length.
3) Each of the subgroups of the Springs organization 70 must have a different GID and each member of a subgroup must have the same GID.
4) All users in the HR group 74 in addition to having a password greater than 6 characters in length must also have a non-alphabetic character in their password.
The following sets of policies and policy groups satisfy the foregoing constraints:
1. Springs Organization 70 Policy Group
a. Policies: User Password length>6 characters
b. Members: PUBs Policy Group 72, HR Policy Group 74
2. PUBs Policy Group 72
a. Policies: User GID=40
b. Members: Smith 78, Jones 76
3. HR Policy Group 74
a. Policies: User GID=41, User password must contain a non-numeric character
b. Members: Johnson 80, Jackson 82
4. North Wing LAN 92 Policy Group
a. Policies: User mail spooler=Springs 98, user home directory must be either Rocky 100 or Springs 98.
b. Members: Jackson's office 108, Johnson's office 106.
5. South Wing LAN 90 Policy Group
a. Policies: User mail spooler=Mastermind 94, user home directory must be either Mastermind 94 or Cheyenne 96.
b. Members: Jones' office 102, Smith's office 104
As noted previously, policy groups can be nested. That is, a policy group can contain other policy groups. With specific reference to FIG. 6, a policy group which is contained by other policy groups inherits the policies defined by the containing groups. In the example above, the members of HR and PUBs policy groups 74, 72 inherit the policies from the Springs organization 70 policy group (User password length>6). In addition, the members of the HR group 74 must satisfy another constraint regarding user password, wherein it must include at least one non-alphabetic character. Finally, members of the HR group 74 must also have a GID of 41 and the members of the PUBs group 72 must have a GID of 40.
A managed object can be a member of multiple policy groups. In the above example, and with particular reference additionally to FIG. 8, the overall Springs Geography 110 is shown. As an example, the user Jackson 82 is a member of the HR group 74 (FIGS. 5 and 6) and the North Wing LAN 92 policy groups (FIG. 7). Thus the user Jackson 82 has the policies from the HR group 74 applied to it (User password length>6, User password must also include a non-alphabetic character, and User GID must equal 41) and the policies of the North Wing LAN 92 applied to it (user mail spooler=Springs 98, user home directory must be either Rocky 100 or Springs 98).
As shown in simplified format with respect to FIG. 9, the user Johnson 106 is a member of the HR policy group 112 as well as the North Wing LAN policy group 114. Similar illustrations demonstrating which policies apply to users Jones 76 and Smith 78 may be readily constructed to depict their membership in multiple policy groups and the policies of the respective policy groups.
The senior system administrator can have mandatory and advisory policies. A mandatory policy does not allow the proposed change to be made if it violates policy. On the other hand, an advisory policy would identify the policy violation and allow the object to be saved.
When an attribute of a managed object is to be modified, the proposed attribute value is checked to verify that the proposed value follows the policies in all of the policy groups of which the managed object is a member. If the proposed value does not follow policy then the proposed attribute modification is not allowed.
It should be noted that it is possible for a managed object in a given group not to follow the policies of the group if the policies of the group are changed after the managed object has previously become a member of the group. These members will not be removed from the policy group. These members will be flagged as not following policy.
In this regard, it is important to emphasize that applications which manipulate the attributes of a managed object should ideally be modified to call validation policy checking routines. Nevertheless, ensuring that managed objects can only be modified by applications that perform policy checking may not be completely feasible. As a consequence, other applications may need to be modified to periodically scan the managed objects and return the set of managed objects which do not follow policy.
With reference now to FIG. 10, a policy group 120 is shown in conjunction with a pair of user templates 122, 124, a host template 126 and a managed object 128. In accordance with the system and method of the present invention, both templates and clones may be used to provide initial values for attributes when a managed object 128 is created. Templates 122-126 are associated with policy groups and the values for the attributes specified in the template must follow the policies associated with the policy group 120. As shown, the policy group 120 can be associated with multiple templates 122-126 for the same type of managed object 128. A policy group can also be associated with multiple templates for different types of managed objects ( e.g. user templates 122, 124 and host template 126). Not all of the attributes of a template need to have values specified.
In accordance with the present invention, templates can also be used to simplify the policy group hierarchy for the junior system administrator. Templates can be used in a manner akin to book marks to indicate to the junior system administrator which policy groups he can create in new instances. This functionality should be closely integrated with the user interface technology of the computer system 10 (FIGS. 1B and 1C).
The system and method of the present invention also supports the cloning of managed objects. A clone has all of the same attribute values of the master except for the attributes used to identify the instance of the object. In addition, the clone is a member of all of the same policy groups as the master. The master must be a managed object that follows all of the policies associated with its memberships.
Using the example above with reference to the preceding figures, and assuming the system administrator wants to create a new HR group 74 user which also has an office that is serviced by the North Wing LAN 92, then the system administrator might, for example, clone the user Jackson 82. The clone would be a member of the HR policy group 74 and the North Wing LAN 92 policy group.
Cloning and the use of templates saves the system administrator time because not all system administrators need to learn the semantics and determine the appropriate values of each attribute. In this regard, a senior system administrator can define the "master" or template, for use by the junior system administrators. Moreover, the system administrator does not need to manually enter the values for any of the attributes and he can merely accept the values of the clone or template. This results in the system administrator becoming more efficient and less prone to entry errors. Finally, the disciplined use of clones and templates can go a long way toward ensuring the standardization of managed object configurations.
With reference additionally now to FIGS, 11A and 11B a representative flowchart for implementing the function of determining whether or not a proposed attribute for a managed object follows policy is shown in conjunction with the following pseudocode of Block 1 for implementing the process. The pseudocode provided hereinafter parallels that of known OO programming languages such as C++ and Smalltalk™ for ease of understanding.
The process 130 begins at step 132 to assign result=true and then, at step 134 a set named set-- of-- policies-- for-- eval is created. Step 136 then follows in which a parent iterator is created and set to the beginning of the set-- of-- parent-- PolicyGroup set.
At decision step 138, if the parent iterator is not at the end of the set-- of-- parent-- PolicyGroup set, at step 140, the policy group pointed to by the parent iterator calls the function getPolicies and assigns the result to tmp-- set. At steps 142 and 144 the members of the tmp-- set are added to the set-- of-- policies-- for-- eval and the parent iterator is moved to the next member of the set-- of-- parent-- PolicyGroup set. On the other hand, if at decision step 138, the parent iterator is now at the end of the set-- of-- parent-- PolicyGroup set, at step 140, the process 130 proceeds to step 146 to set the policy iterator to the beginning of the set-- of-- policies-- for-- eval set.
At decision step 148, the iterator is evaluated to determine whether or not it points to the end of the set-- of-- policies-- for-- eval. If true, the process proceeds to step 156 to return the result. If false, the process proceeds to decision step 150 to determine whether the policy pointed to by the iterator validates (AttributeValue), or returns true (valid), for the proposed value. If false, the process proceeds to step 152 to assign result=false and then to step 154 to move the policy iterator to the next member of the set-- of-- policies-- for-- eval set, then back to decision step 148. If true, step 152 is bypassed directly to step 154 for return to decision step 148.
Fundamentally, the program process 130 instructs the server computer 20 (FIG. 1B) to retrieve all policies of the parents of the managed object from its database 24 which relate to a particular attribute of the managed object. The policies returned are then evaluated with regard to the proposed value and, if the value fails any of the policies, the proposed value for the attribute fails. To determine which policies of the various parents to return, the system relies on the policy group to determine who the parents of the managed object are and whether or not they have any policies which relate to the proposed attribute value (i.e. user passwords). In effect, a recursive search of the tree of policy groups is undertaken by the server computer 20 and its associated database 24 as previously input by the senior system administrator (FIG. 1C).
______________________________________ Block 1: Class ManagedObject class ManagedObject /* Attributes */ name; set.sub.-- of.sub.-- parent.sub.-- PolicyGroups; /* functions */ validateProposedValue (AttributeName,Attrib uteValue): return (boolean); polymorphic class.sub.-- of.sub.-- self (): returns (the name of the class of the caller); end class ManagedObject /* function definitions for ManagedObject */ validateProposedValue (AttributeName,AttributeValue) create empty set.sub.-- of.sub.-- policies.sub.-- for.sub.-- eval; passedPolicy = TRUE; for each parent in set.sub.-- of.sub.-- parent.sub.-- PolicyGroups do set.sub.-- of.sub.-- policies = Parent.getPolicies (class .sub.-- of .sub.-- self() ,AttributeName); add set of policies to set.sub.-- of.sub.-- policies.sub.-- for.sub.-- eval; end for loop; for each policy in set .sub.-- of .sub.-- policies.sub.-- for.sub.-- eval do if (policy.validate(AttributeValue) == FALSE) then passedPolicy=FALSE; end if; end for loop; return passedPolicy; end function validateProposedValue; ______________________________________
With reference additionally now to FIGS. 12A-12B a representative process flow 160 is shown to enable the retrieval of the applicable policies given the class name of the managed object and the name of the managed object attribute (i.e. password). The process flow 160 illustrated parallels the pseudocode of Block 2 following.
At step 162 a set named return-- set-- of-- policies is created and a policy iterator is created and set to begin set-- of-- polices at step 164. At decision step 166 the policy iterator is tested to determine if it is at the end of the set-- of-- policies. If true, the parent iterator is set to the beginning of the set-- of-- parent-- PolicyGroup at step 174. If false, the className and the name of the policy pointed to by the iterator is tested at decision step 168 to determine if it is the same as the ManagedObject class and the attributeName is passed into this function.
If true, the policy pointed to by the iterator is added to the return-- set-- of-- policies at step 170 and the iterator is moved to the next member of the set-- of-- policies at step 172. If false, step 170 is bypassed and the process 160 proceeds to step 172 and then returns to decision step 166.
Following step 174, decision step 176 determines whether the parent iterator points to the end of set-- of-- parent-- PolicyGroup. If true, the process 160 then proceeds directly to step 184 to return return-- set-- of-- policies. If false, the value returned from the call to the getPolicies (className-- of-- MandagedObject, name-- of-- attribute) for the parent pointed to by the parent iterator is assigned to set-- of-- policies at step 178. Thereafter at step 180, the set-- of-- policies is added to the return-- set-- of-- policies and the iterator is moved to the next member of the set-- of-- patent-- PolicyGroup at step 182. The process 160 then returns to decision step 176.
In operation, a search is first done on all locally defined policies, that is, policies that are local to the policy group. They are analyzed to determine whether there is a match on class name and attribute name. If a match is found, the policy is placed in the set that will be returned. After the local search, the parents are queried as to policies for the particular class and attribute and the policies returned are also added to the set to be returned. The completed set is then returned and that is passed down to the managed object making the request where the evaluation as to policy compliance takes place.
______________________________________ Block 2: Class PolicyGroup class PolicyGroup subclass of ManagedObject /* Attributes */ set.sub.-- of.sub.-- children.sub.-- ManagedObjects; set.sub.-- of.sub.-- policies; /* .sub.-- functions */ getPolicies(class.sub.-- of.sub.-- ManagedObject, name.sub.-- of.sub.-- attribute): returns (a set of policies); class.sub.-- of self (); end class PolicyGroup /* function definitions for PolicyGroup */ function getPolicies(className.sub.-- of.sub.-- ManagedObject, name.sub.-- of.sub.-- attribute) create an empty return.sub.-- set.sub.-- of.sub.-- policies; for each policy in set .sub.-- of .sub.-- policies do: if (policy.classname == className.sub.-- of.sub.-- ManagedObject AND policy.attributeName == name.sub.-- ofattribute) then add policy to return.sub.-- set.sub.-- of.sub.-- policies; end if; end for loop; for each parent in set.sub.-- of.sub.-- parent.sub.-- PolicyGroups do: set.sub.-- of.sub.-- policies = Parent. getPolicies (className.sub.-- of.sub.-- ManagedObject, name of.sub.-- attribute); add set.sub.-- of.sub.-- policies to return.sub.-- set.sub.-- of.sub.-- policies; end for loop; return return.sub.-- set.sub.-- of.sub.-- policies; end function getPolicies function class.sub.-- of .sub.-- self() return "PolicyGroup" end function class.sub.-- of.sub.-- self; ______________________________________
With respect to the pseudocode of Block 3 hereinafter, an example of class policy is shown. It should be reiterated that policy groups contain a list of policies, and each policy in that list has a class name and attribute to indicate to what the policy applies. The policy expression, in fact, may be the policy itself. Each policy has a function called "validate" and the proposed value is placed in the policy to return a "true" or "false" indication for the value.
______________________________________ Block 3: Class Policy class Policy /* Attributes */ className; /* name of the class of Managed Object this policy applies */ attributeName; /* name of the attribute of the class className */ policyExpression; /* functions */ validate(aProposedAttributeValue) return (Boolean); end class Policy /* Function Definitions for Policy*/ validate(aProposedAttributeValue) /* use aProposedAttributeValue in the system administrator defined policy expression. The result of the policy expression is returned. end function validate ______________________________________
With reference additionally now to FIG. 13 and the following pseudocode of Block 4, an example of a class which checks policy is shown. The process 190 begins at decision step 192 to where the proposed value is tested as to UserIdentifier and newvalue to validate to true. If true, the UserIdentifer is assigned to newvalue at step 194 and the process 190 is completed at return step 196. If false, step 194 is bypassed directly to return step 196.
______________________________________ Block 4: An Example of a class which checks Policy class User subclass of Managed Object /* attributes */ UserIdentifier; /* functions */ class of self(); set.sub.-- UserIdentifier(newValue) returns error code; end class User /* Function Definitions for User */ function class of self() return "User"; end function; function set UserIdentifier(newValue) if (validateProposedValue("UserIdentifier", newValue) then UserIdentifier = newValue; end if; end function set.sub.-- UserIdentifier; ______________________________________
The system and method for implementing a hierarchical policy for computer system administration disclosed herein is very flexible in assigning policies to managed objects. As stated previously, policies are rules for the values of the attributes of managed objects. Policy groups are the basic building block of this model and they associate a set of policies with a set of managed objects. Further, policy groups can be members of other policy groups and a policy group inherits the policies of its parent policy groups. This feature can be used to support the hierarchical specification of policy. Moreover, the system and method herein disclosed allows a given policy group to have multiple parents which, in turn, allows the "mix-in" of policies from the parents.
System administrators may use the standardization of the managed object configuration as a means to reduce the burden of administering large numbers of instances of a given class of managed objects. Standardization reduces the complexity of the day-to-day system administration function because there is less information to maintain and understand and because there are fewer special cases. Thus, the standardization herein proposed makes it easier to optimize and troubleshoot particular configurations. Utilizing cloning and templates provides a voluntary means for standardization while validation policies and policy groups provide more of a mandatory means of standardization.
Reduction or limiting the damage of non-malicious misuse is supported via policies. Specifically, polices can be used to restrict the set of values for a given attribute to a "safe" set of values and the policy group mechanism insures that a managed object's attributes can only assume safe values.
While there have been described above the principles of the present invention in conjunction with a specific client-server computer architecture and programming examples, it is to be clearly understood that the foregoing description is made only by way of example and not as a limitation to the scope of the invention. Particularly, while the system and method of the present invention has been applied with specificity to computer system administration and management functions in the examples discussed, the same techniques can be applied, for example, to software development wherein rules for the values of attributes of managed objects may be placed thereon.
Claims (51)
1. A method for implementing a hierarchical policy for administration of a computer system having at least one computer, an associated database and a user interface for inputting data to said database, said method comprising the steps of:
providing for storing of a number of policies in said database, said policies each having an associated policy class name and policy attribute;
providing for organizing of said policies into policy groups;
providing for inputting of characteristics of an input managed object to said computer system, said input managed object having an associated input object class name and an associated input object attribute having a proposed value;
providing for searching of certain of said policy groups pertinent to said input managed object to determine policies within said policy groups having a policy class name and policy attribute corresponding to said input object class name and input object attribute;
providing for returning of a matching subset of policies from said policy groups which have a policy class name and policy attribute corresponding to said input object class name and input object attribute;
providing for analyzing of said proposed value of said input object attribute of said input managed object with respect to said matching subset of policies; and
providing for allowing of entry of said proposed value of said input object attribute if said proposed value passes each of said policies in said matching subset of policies.
2. The method of claim 1 wherein said step of providing for searching further comprises the steps of:
providing for recursively searching of said policy groups to determine parent policy groups of said input managed object having a policy class name and policy attribute corresponding to said input object class name and input object attribute;
providing for additionally returning of an additional subset of said policies from said parent policy groups which have a policy class name and policy attribute corresponding to said input object class name and input object attribute; and
providing for adding of said additional subset of said policies to said matching subset of policies prior to said step of providing for returning.
3. The method of claim 2 wherein said step of providing for recursive searching is carried out by the steps of:
providing for initially searching said certain policy groups to identify said policies having a policy class name and policy attribute corresponding to said input object class name and input object attribute; and
providing for secondarily searching of policies of said parent policy groups to identify policies of said parent policy groups having a policy class name and policy attribute corresponding to said input object class name and input object attribute.
4. The method of claim 1 wherein said step of providing for storing is carried out by means of a computer mass storage device operatively coupled to said computer system.
5. The method of claim 1 wherein said step of providing for organizing is carried out by the steps of:
providing for determining of common applicabilities of said policies to various of said managed object class names and said object attributes;
providing for grouping of said policies in said policy groups according to said common applicabilities.
6. The method of claim 1 wherein said step of providing for inputting is carried out by providing for entry of said input object class name and proposed value of said input object attribute to said computer system.
7. The method of claim 1 further comprising the steps of:
providing an additional computer coupled to said computer system, said additional computer functioning as a server with respect to said at least one computer functioning as a client, said additional computer operative for controlling said database.
8. The method of claim 7 wherein said steps of providing for storing, searching and returning are carried out by said additional computer.
9. The method of claim 7 wherein said steps of providing for analyzing and allowing are carried out by said at least one computer.
10. The method of claim 1 further comprising the steps of:
providing for cloning of an associated object class name and an associated object attribute of a previously input managed object; and
providing for the utilization of said associated object class name and said associated object attribute to produce a modifiable initial representation of said input object class name and said input object attribute of said input managed object.
11. The method of claim 1 further comprising the step of:
providing for creating a template to establish an initial value for said input object attribute of said input managed object.
12. The method of claim 1 further comprising the step of:
providing for disallowing of entry of said proposed value of said input object attribute if said proposed value fails any one of said policies in said matching subset of policies.
13. The method of claim 1 further comprising the step of:
providing for conditionally allowing of entry of said proposed value of said input object attribute if said proposed value fails an advisory one of said policies in said matching subset of policies.
14. A computer program product comprising:
a computer usable medium having computer readable code embodied therein for implementing a hierarchical policy for administration of a computer system having at least one computer, an associated database and a user interface for inputting data to said database, the computer program product comprising:
computer readable program code devices configured to cause a computer to effect storing a number of policies in said database, said policies each having an associated policy class name and an associated policy attribute;
computer readable program code devices configured to cause a computer to effect organizing said policies into policy groups;
computer readable program code devices configured to cause a computer to effect inputting characteristics of an input managed object to said computer system, said input managed object having an associated input object class name and an associated input object attribute having a proposed value;
computer readable program code devices configured to cause a computer to effect searching certain of said policy groups pertinent to said input managed object to determine policies thereof having a policy class name and policy attribute corresponding to said input object class name and input object attribute;
computer readable program code devices configured to cause a computer to effect returning a matching subset of said policies from said policy groups which have a policy class name and policy attribute corresponding to said input object class name and input object attribute;
computer readable program code devices configured to cause a computer to effect analyzing said proposed value of said input object attribute with respect to said matching subset of said policies; and
computer readable program code devices configured to cause a computer to effect allowing entry of said proposed value of said input object attribute if said proposed value passes each of said policies in said matching subset of said policies.
15. The computer program product of claim 14 further comprising:
computer readable program code devices configured to cause a computer to effect recursively searching said policy groups to determine parent policy groups of said input managed object having a policy class name and policy attribute corresponding to said input object class name and input object attribute;
computer readable program code devices configured to cause a computer to effect additionally returning an additional subset of said policies from said parent policy groups which have a policy class name and policy attribute corresponding to said input object class name and input object attribute; and
computer readable program code devices configured to cause a computer to effect adding said additional subset of said policies to said matching subset of policies prior to said step of returning.
16. The computer program product of claim 15 wherein said computer readable program code devices are configured to cause a computer to effect said searching of said policies is carried out by:
computer readable program code devices configured to cause a computer to effect initially searching said policies of said certain policy groups to identify said policies having a policy class name and policy attribute corresponding to said input object class name and input object attribute; and
computer readable program code devices configured to cause a computer to effect secondarily searching said policies of said parent policy groups to identify policies of said parent policy groups of said managed object having a policy class name and policy attribute corresponding to said input object class name and input object attribute.
17. The computer program product of claim 14 wherein said computer readable program code devices are configures to cause a computer to effect said organizing of said policies is carried out by:
computer readable program code devices configured to cause a computer to effect determining common applicabilities of said policies to various of said managed object class names and said object attributes;
computer readable program code devices configured to cause a computer to effect providing for grouping of said policies in said policy groups according to said common applicabilities.
18. The computer program product of claim 14 further comprising:
computer readable program code devices configured to cause a computer to effect cloning of an associated object class name and an associated object attribute of a previously input managed object; and
computer readable program code devices configured to cause a computer to effect utilization of said associated object class name and said associated object attribute to produce a modifiable initial representation of said input object class name and said input object attribute.
19. The computer program product of claim 14 further comprising:
computer readable program code devices configured to cause a computer to effect creating a template to establish an initial value for said input object attribute.
20. The computer program product of claim 14 further comprising:
computer readable program code devices configured to cause a computer to effect disallowing entry of said proposed value of said input object attribute if said proposed value fails any one of said policies in said matching subset of said policies.
21. The computer program product of claim 14 further comprising:
computer readable program code devices configured to cause a computer to effect providing for conditionally allowing of entry of said proposed value of said input object attribute if said proposed value fails an advisory one of said policies in said matching subset of said policies.
22. A computer system capable of implementing a hierarchical policy administration, said computer system comprising:
at least one computer;
at least one database retained within a computer mass storage device operatively coupled to said computer, said database being capable of storing a number of policies having an associated policy class name and an associated policy attribute;
a user interface operatively coupled to said at least one computer, said user interface capable of allowing input of characteristics of an input managed object to said computer system, said input managed object having an associated input object class name and an associated input object attribute having a proposed value;
an associator operable in conjunction with said at least one computer and said database for organizing said policies into policy groups;
an iterator operable in conjunction with said at least one computer and said database for searching certain of said policy groups pertinent to said input managed object to determine policies thereof having a policy class name and policy attribute corresponding to said input object class name and input object attribute;
a matching subset of said policies from said policy groups returned by said iterator to said at least one computer which have a policy class name and policy attribute corresponding to said input object class name and input object attribute;
an analyzer operable in conjunction with said at least one computer for testing said proposed value of said input object attribute with respect to said matching subset of said policies; and
an input validator operable in conjunction with said at least one computer and said user interface and responsive to said analyzer, said input validator allowing entry of said proposed value of said input object attribute if said proposed value passes each of said policies in said matching subset of said policies.
23. The computer system of claim 22 further comprising:
a recursive iterator operable in conjunction with said at least one computer and said database for searching said policy groups to determine parent policy groups of said input managed object having a policy class name and policy attribute corresponding to said input object class name and input object attribute;
an additional subset of said policies from said parent policy groups which have a policy class name and policy attribute corresponding to said input object class name and input object attribute; and
a summer for adding said additional subset of said policies to said matching subset of said policies.
24. The computer system of claim 22 further comprising an additional computer coupled to said computer system for operatively controlling said database and functioning as a server with respect to said at least one computer.
25. The computer system of claim 22 further comprising a cloning implementor for utilizing an associated class name and associated object attribute of an associated managed object previously input to said computer system to produce a modifiable initial representation of said input object class name and said input object attribute.
26. The computer system of claim 22 further comprising a template creator for establishing an initial value for said input object attribute.
27. The computer system of claim 22 wherein said input validator further comprises an input disallower for disallowing entry of said proposed value of said input object attribute if said proposed value fails any one of said policies in said matching subset of policies.
28. The computer system of claim 22 wherein said input validator further comprises a conditional input validator for conditionally allowing entry of said proposed value of said input object attribute if said proposed value fails an advisory one of said policies in said matching subset of policies.
29. A method for implementing a hierarchical policy for a computer system having at least one computer, an associated database and a user interface for inputting data to said computer system, said method comprising the steps of:
providing for organizing of a number of policies in said database into policy groups, each of said policies having an associated policy class name and an associated policy attribute;
providing for inputting of characteristics of an input managed object to said computer system, said input managed object having an associated input object class name and an associated input object attribute having a proposed value;
providing for analyzing of said proposed value of said input object attribute with respect to policies in pertinent ones of said policy groups having a policy class name and policy attribute corresponding to said input object class name and input object attribute; and
providing for allowing of entry of said proposed value of said input object attribute if said proposed value passes each of said policies in said pertinent ones of said policy groups.
30. The method of claim 29 wherein said step of analyzing further comprises the steps of:
providing for searching of said database for certain of said policy groups pertinent to said input managed object to determine policies thereof having a policy class name and policy attribute corresponding to said input object class name and input object attribute; and
providing for returning of a matching subset of said policies from said policy groups which have a policy class name and policy attribute corresponding to said input object class name and input object attribute.
31. The method of claim 30 wherein said step of providing for searching further comprises the steps of:
providing for recursively searching of said policy groups to determine parent policy groups of said input managed object having a policy class name and policy attribute corresponding to said input object class name and input object attribute;
providing for additionally returning of an additional subset of said policies from said parent policy groups which have a policy class name and policy attribute corresponding to said input object class name and input object attribute; and
providing for adding of said additional subset of said policies to said policies from said pertinent ones of said policy groups prior to said step of providing for returning.
32. The method of claim 30 wherein said step of providing for searching is carried out by the steps of:
providing for initially searching of said policies of said certain policy groups to identify said policies having a policy class name and policy attribute corresponding to said input object class name and input object attribute; and
providing for secondarily searching of said policies of said parent policy groups to identify policies of said parent policy groups of said input managed object having a policy class name and policy attribute corresponding to said input object class name and input object attribute.
33. The method of claim 29 wherein said step of providing for organizing is carried out by the steps of:
providing for determining of common applicabilities of said policies to various of said managed object class names and said object attributes; and
providing for grouping of said policies in said policy groups according to said common applicabilities.
34. The method of claim 29 wherein said step of providing for inputting is carried out by providing for entry of said input object class name and proposed value of said input object attribute to said computer system.
35. The method of claim 29 further comprising the steps of:
providing an additional computer coupled to said computer system, said additional computer functioning as a server with respect to said at least one computer functioning as a client, said additional computer operative for controlling said database.
36. The method of claim 35 wherein said steps of providing for searching and returning are carried out by said additional computer.
37. The method of claim 35 wherein said steps of providing for analyzing and allowing are carried out by said at least one computer.
38. The method of claim 29 further comprising the steps of:
providing for cloning of an associated object class name and an associated object attribute of a previously input managed object; and
providing for the utilization of said associated object class name and said associated object attribute to produce a modifiable initial representation of said input object class name and said input object attribute.
39. The method of claim 29 further comprising the step of:
providing for creating a template to establish an initial value for said input object attribute.
40. The method of claim 29 further comprising the step of:
providing for disallowing of entry of said proposed value of said input object attribute if said proposed value fails any one of said policies in said pertinent ones of said policy groups.
41. The method of claim 29 further comprising the step of:
providing for conditionally allowing of entry of said proposed value of said input object attribute if said proposed value fails an advisory one of said policies in said pertinent ones of said policy groups.
42. A computer program product comprising:
a computer usable medium having computer readable code embodied thereon for implementing a hierarchical policy for a computer system having at least one computer, an associated database and a user interface for inputting data to said computer system, the computer program product comprising:
computer readable program code devices configured to cause a computer to effect organizing of a number of policies in said database into policy groups, each of said policies having an associated policy class name and an associated policy attribute;
computer readable program code devices configured to cause a computer to effect inputting of characteristics of an input managed object to said computer system, said input managed object having an associated input object class name and an associated input object attribute having a proposed value;
computer readable program code devices configured to cause a computer to effect analyzing of said proposed value of said input object attribute with respect to policies in pertinent ones of said policy groups having a policy class name and policy attribute corresponding to said input object class name and input object attribute; and
computer readable program code devices configured to cause a computer to effect allowing of entry of said proposed value of said input object attribute if said proposed value passes each of said policies in said pertinent ones of said policy groups.
43. The computer program product of claim 42 wherein said computer readable program code devices configured to cause a computer to effect analyzing is further carried out by:
computer readable program code devices configured to cause a computer to effect searching of said database for certain of said policy groups pertinent to said input managed object to determine policies thereof having a policy class name and policy attribute corresponding to said input object class name and input object attribute; and
computer readable program code devices configured to cause a computer to effect returning of a matching subset of said policies from said policy groups which have a policy class name and policy attribute corresponding to said input object class name and input object attribute.
44. The computer program product of claim 43 wherein said computer readable program code devices configured to cause a computer to effect analyzing is further carried out by:
computer readable program code devices configured to cause a computer to effect recursively searching of said policy groups to determine parent policy groups of said input managed object having a policy class name and policy attribute corresponding to said input object class name and input object attribute;
computer readable program code devices configured to cause a computer to effect additionally returning of an additional subset of said policies from said parent policy groups which have a policy class name and policy attribute corresponding to said input object class name and input object attribute; and
computer readable program code devices configured to cause a computer to effect adding of said additional subset of said policies to said policies in said pertinent ones of said policy groups prior to said step of providing for returning.
45. The computer program product of claim 43 wherein said computer readable program code devices configured to cause a computer to effect searching is carried out by:
computer readable program code devices configured to cause a computer to effect initially searching of said policies of said certain policy groups to identify said policies having a policy class name and policy attribute corresponding to said input object class name and input object attribute; and
computer readable program code devices configured to cause a computer to effect secondarily searching of said policies of said certain policy groups to identify policies of said parent policy groups of i said managed object having a policy class name and policy attribute corresponding to said input object class name and input object attribute.
46. The computer program product of claim 42 wherein said computer readable program code devices configured to cause a computer to effect organizing is carried out by:
computer readable program code devices configured to cause a computer to effect determining of common applicabilities of said policies to various of said managed object class names and said object attributes; and
computer readable program code devices configured to cause a computer to effect grouping of said policies in said policy groups according to said common applicabilities.
47. The computer program product of claim 42 wherein said computer readable program code devices configured to cause a computer to effect inputting is carried out by:
computer readable program code devices configured to cause a computer to effect entry of said input object class name and proposed value of said input object attribute to said computer system.
48. The computer program product of claim 42 further comprising:
computer readable program code devices configured to cause a computer to effect cloning of an associated object class name and an associated object attribute of a previously input managed object; and
computer readable program code devices configured to cause a computer to effect utilization of said associated object class name and said associated object attribute to produce a modifiable initial representation of said input object class name and said input object attribute.
49. The computer program product of claim 42 further comprising:
computer readable program code devices configured to cause a computer to effect creating a template to establish an initial value for said input object attribute.
50. The computer program product of claim 42 further comprising:
computer readable program code devices configured to cause a computer to effect disallowing of entry of said proposed value of said input object attribute if said proposed value fails any one of said policies in said pertinent ones of said policy groups.
51. The computer program product of claim 42 further comprising:
computer readable program code devices configured to cause a computer to effect conditionally allowing of entry of said proposed value of said input object attribute if said proposed value fails an advisory one of said policies in said pertinent ones of said policy groups.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US08/856,038 US5797128A (en) | 1995-07-03 | 1997-05-14 | System and method for implementing a hierarchical policy for computer system administration |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US49772995A | 1995-07-03 | 1995-07-03 | |
US08/856,038 US5797128A (en) | 1995-07-03 | 1997-05-14 | System and method for implementing a hierarchical policy for computer system administration |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US49772995A Continuation | 1995-07-03 | 1995-07-03 |
Publications (1)
Publication Number | Publication Date |
---|---|
US5797128A true US5797128A (en) | 1998-08-18 |
Family
ID=23978079
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US08/856,038 Expired - Fee Related US5797128A (en) | 1995-07-03 | 1997-05-14 | System and method for implementing a hierarchical policy for computer system administration |
Country Status (4)
Country | Link |
---|---|
US (1) | US5797128A (en) |
EP (1) | EP0752652B1 (en) |
JP (1) | JPH0969077A (en) |
DE (1) | DE69601149T2 (en) |
Cited By (171)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5889953A (en) * | 1995-05-25 | 1999-03-30 | Cabletron Systems, Inc. | Policy management and conflict resolution in computer networks |
US5925126A (en) * | 1997-03-18 | 1999-07-20 | Memco Software, Ltd. | Method for security shield implementation in computer system's software |
US5938768A (en) * | 1997-07-30 | 1999-08-17 | Northern Telecom Limited | Feature to facilitate numeric passcode entry |
US6128774A (en) * | 1997-10-28 | 2000-10-03 | Necula; George C. | Safe to execute verification of software |
US6145086A (en) * | 1997-05-30 | 2000-11-07 | Oracle Corporation | Security and password mechanisms in a database system |
WO2000067112A2 (en) * | 1999-04-30 | 2000-11-09 | Elata Plc | A system and method for managing distribution of content to a device |
US6170009B1 (en) * | 1998-07-17 | 2001-01-02 | Kallol Mandal | Controlling devices on a network through policies |
WO2001069383A1 (en) * | 2000-03-10 | 2001-09-20 | Aether Systems, Inc. | Method and apparatus for providing services to a user of a client device configured by templates that reference other templates |
US6301613B1 (en) * | 1998-12-03 | 2001-10-09 | Cisco Technology, Inc. | Verifying that a network management policy used by a computer system can be satisfied and is feasible for use |
US6327618B1 (en) * | 1998-12-03 | 2001-12-04 | Cisco Technology, Inc. | Recognizing and processing conflicts in network management policies |
US20020059404A1 (en) * | 2000-03-20 | 2002-05-16 | Schaaf Richard W. | Organizing and combining a hierarchy of configuration parameters to produce an entity profile for an entity associated with a communications network |
EP1208461A1 (en) * | 1999-01-29 | 2002-05-29 | Corporation Graylin | Entitlement management and access control system |
US20020078386A1 (en) * | 2000-12-18 | 2002-06-20 | Bones Robert Delee | Incorporating password change policy into a single sign-on environment |
WO2002054675A2 (en) * | 2001-01-05 | 2002-07-11 | Networks Associates Technology, Inc. | System and method for configuring computer applications and devices using inheritance |
WO2002067173A1 (en) * | 2001-02-23 | 2002-08-29 | I-Sprint Innovations Pte Ltd | A hierarchy model |
US20020133092A1 (en) * | 2001-03-16 | 2002-09-19 | Microvena Corporation | Wire convertible from over-the-wire length to rapid exchange length |
US20020144106A1 (en) * | 2001-03-27 | 2002-10-03 | Fujitsu Limited Of Kawasaki, Japan | Security system in a service provision system |
WO2002080458A1 (en) * | 2001-03-30 | 2002-10-10 | Nokia Corporation | Method for configuring a network by defining clusters |
US20020165949A1 (en) * | 2001-04-17 | 2002-11-07 | Secui.Com Corporation | Method for high speed discrimination of policy in packet filtering type firewall system |
US6484182B1 (en) | 1998-06-12 | 2002-11-19 | International Business Machines Corporation | Method and apparatus for publishing part datasheets |
US6487594B1 (en) * | 1999-11-30 | 2002-11-26 | Mediaone Group, Inc. | Policy management method and system for internet service providers |
US20020188869A1 (en) * | 2001-06-11 | 2002-12-12 | Paul Patrick | System and method for server security and entitlement processing |
US20020194317A1 (en) * | 2001-04-26 | 2002-12-19 | Yasusi Kanada | Method and system for controlling a policy-based network |
US20030014418A1 (en) * | 2001-06-19 | 2003-01-16 | International Business Machines Corporation | Using a privacy agreement framework to improve handling of personally identifiable information |
US20030041050A1 (en) * | 2001-04-16 | 2003-02-27 | Greg Smith | System and method for web-based marketing and campaign management |
US6529938B1 (en) | 1999-08-06 | 2003-03-04 | International Business Machines Corporation | Method, system, and program for executing operations on a client in a network environment |
US6539483B1 (en) * | 2000-01-12 | 2003-03-25 | International Business Machines Corporation | System and method for generation VPN network policies |
US20030105974A1 (en) * | 2001-10-24 | 2003-06-05 | Philip B. Griffin | System and method for rule-based entitlements |
US20030115246A1 (en) * | 1999-08-24 | 2003-06-19 | Hewlett-Packard Company And Intel Corporation | Policy management for host name mapped to dynamically assigned network address |
US20030115322A1 (en) * | 2001-12-13 | 2003-06-19 | Moriconi Mark S. | System and method for analyzing security policies in a distributed computer network |
US20030115313A1 (en) * | 2001-12-07 | 2003-06-19 | Yasusi Kanada | Network, server, and storage policy server |
US20030115484A1 (en) * | 1998-10-28 | 2003-06-19 | Moriconi Mark S. | System and method for incrementally distributing a security policy in a computer network |
US6587876B1 (en) * | 1999-08-24 | 2003-07-01 | Hewlett-Packard Development Company | Grouping targets of management policies |
US6615218B2 (en) | 1998-07-17 | 2003-09-02 | Sun Microsystems, Inc. | Database for executing policies for controlling devices on a network |
WO2002086696A3 (en) * | 2001-04-19 | 2003-10-16 | Ibm | A method and system for managing configuration changes in a data processing system |
US20030217332A1 (en) * | 2001-04-16 | 2003-11-20 | Greg Smith | System and method for web-based personalization and ecommerce management |
US20040006706A1 (en) * | 2002-06-06 | 2004-01-08 | Ulfar Erlingsson | Methods and systems for implementing a secure application execution environment using derived user accounts for internet content |
US20040010598A1 (en) * | 2002-05-01 | 2004-01-15 | Bea Systems, Inc. | Portal setup wizard |
US20040030764A1 (en) * | 2002-08-08 | 2004-02-12 | International Business Machines Corporation | Identity assertion token principal mapping for common secure interoperability |
US20040068554A1 (en) * | 2002-05-01 | 2004-04-08 | Bea Systems, Inc. | Web service-enabled portlet wizard |
US20040068568A1 (en) * | 2002-05-01 | 2004-04-08 | Griffin Philip B. | Enterprise application platform |
US20040075626A1 (en) * | 2002-07-23 | 2004-04-22 | Jun-Young Lee | Device and method for driving plasma display panel |
US6735701B1 (en) * | 1998-06-25 | 2004-05-11 | Macarthur Investments, Llc | Network policy management and effectiveness system |
US20040117407A1 (en) * | 2002-12-16 | 2004-06-17 | Manoj Kumar | Resource and data administration technologies for IT non-experts |
EP1431873A1 (en) * | 2002-12-19 | 2004-06-23 | Hewlett-Packard Company, A Delaware Corporation | Computer programming |
US20040162905A1 (en) * | 2003-02-14 | 2004-08-19 | Griffin Philip B. | Method for role and resource policy management optimization |
US20040162733A1 (en) * | 2003-02-14 | 2004-08-19 | Griffin Philip B. | Method for delegated administration |
US20040162906A1 (en) * | 2003-02-14 | 2004-08-19 | Griffin Philip B. | System and method for hierarchical role-based entitlements |
US20040167899A1 (en) * | 2003-02-20 | 2004-08-26 | Bea Systems, Inc. | Virtual content repository browser |
US20040167871A1 (en) * | 2003-02-20 | 2004-08-26 | Bea Systems, Inc. | Content mining for virtual content repositories |
US20040167880A1 (en) * | 2003-02-20 | 2004-08-26 | Bea Systems, Inc. | System and method for searching a virtual repository content |
US20040167900A1 (en) * | 2003-02-20 | 2004-08-26 | Bea Systems, Inc. | Virtual repository complex content model |
US20040167867A1 (en) * | 2003-02-20 | 2004-08-26 | Bea Systems, Inc. | Virtual content repository application program interface |
US20040167920A1 (en) * | 2003-02-20 | 2004-08-26 | Bea Systems, Inc. | Virtual repository content model |
US20040199521A1 (en) * | 2003-04-07 | 2004-10-07 | International Business Machines Corporation | Method, system, and program for managing groups of objects when there are different group types |
US20040210889A1 (en) * | 2003-04-17 | 2004-10-21 | International Business Machines Corporation | System management infrastructure for corrective actions to servers with shared resources |
US6819967B2 (en) | 2002-07-24 | 2004-11-16 | International Business Machines Corporation | Relational database for producing bill-of-materials from planning information |
US20040230947A1 (en) * | 2003-02-28 | 2004-11-18 | Bales Christopher E. | Systems and methods for personalizing a portal |
US20040230557A1 (en) * | 2003-02-28 | 2004-11-18 | Bales Christopher E. | Systems and methods for context-sensitive editing |
US20040230917A1 (en) * | 2003-02-28 | 2004-11-18 | Bales Christopher E. | Systems and methods for navigating a graphical hierarchy |
US20040243678A1 (en) * | 2003-05-29 | 2004-12-02 | Mindshare Design, Inc. | Systems and methods for automatically updating electronic mail access lists |
US20040255147A1 (en) * | 2003-05-06 | 2004-12-16 | Vidius Inc. | Apparatus and method for assuring compliance with distribution and usage policy |
EP1492267A2 (en) * | 2003-06-24 | 2004-12-29 | Alcatel | Apparatus and method for evaluating in real-time a network policy |
US6839766B1 (en) * | 2000-01-14 | 2005-01-04 | Cisco Technology, Inc. | Method and apparatus for communicating cops protocol policies to non-cops-enabled network devices |
US20050015448A1 (en) * | 2003-07-15 | 2005-01-20 | Mindshare Design, Inc. | Systems and methods for automatically updating electronic mail access lists |
US20050021952A1 (en) * | 2003-06-05 | 2005-01-27 | International Business Machines Corporation | System and method for representing multiple security groups as a single data object |
US6854035B2 (en) | 2001-10-05 | 2005-02-08 | International Business Machines Corporation | Storage area network methods and apparatus for display and management of a hierarchical file system extension policy |
US6865549B1 (en) | 1999-11-15 | 2005-03-08 | Sun Microsystems, Inc. | Method and apparatus for concurrency control in a policy-based management system |
US6880005B1 (en) * | 2000-03-31 | 2005-04-12 | Intel Corporation | Managing policy rules in a network |
US20050081055A1 (en) * | 2003-10-10 | 2005-04-14 | Bea Systems, Inc. | Dynamically configurable distributed security system |
US20050097352A1 (en) * | 2003-10-10 | 2005-05-05 | Bea Systems, Inc. | Embeddable security service module |
US20050097353A1 (en) * | 2003-10-10 | 2005-05-05 | Bea Systems, Inc. | Policy analysis tool |
US20050097166A1 (en) * | 2003-10-10 | 2005-05-05 | Bea Systems, Inc. | Policy inheritance through nested groups |
US20050114516A1 (en) * | 2003-11-21 | 2005-05-26 | Smith Steven J. | Systems and methods for automatically updating electronic mail access lists |
US20050138412A1 (en) * | 2003-02-14 | 2005-06-23 | Griffin Philip B. | Resource management with policies |
US20050138317A1 (en) * | 2003-12-19 | 2005-06-23 | Cannon David M. | Real-time feedback for policies for computing system management |
US20050188295A1 (en) * | 2004-02-25 | 2005-08-25 | Loren Konkus | Systems and methods for an extensible administration tool |
US20050198273A1 (en) * | 2004-03-04 | 2005-09-08 | International Business Machines Corporation | Event ownership assigner with failover for multiple event server system |
US20050228784A1 (en) * | 2004-04-13 | 2005-10-13 | Bea Systems, Inc. | System and method for batch operations in a virtual content repository |
US20050228807A1 (en) * | 2004-04-13 | 2005-10-13 | Bea Systems, Inc. | System and method for content lifecycles |
US20050228816A1 (en) * | 2004-04-13 | 2005-10-13 | Bea Systems, Inc. | System and method for content type versions |
US20050229236A1 (en) * | 2004-04-06 | 2005-10-13 | Bea Systems, Inc. | Method for delegated adminstration |
US20050234849A1 (en) * | 2004-04-13 | 2005-10-20 | Bea Systems, Inc. | System and method for content lifecycles |
US20050234942A1 (en) * | 2004-04-13 | 2005-10-20 | Bea Systems, Inc. | System and method for content and schema lifecycles |
US20050251506A1 (en) * | 2004-04-13 | 2005-11-10 | Bea Systems, Inc. | System and method for providing content services to a repository |
US20050251504A1 (en) * | 2004-04-13 | 2005-11-10 | Bea Systems, Inc. | System and method for custom content lifecycles |
US20050251502A1 (en) * | 2004-04-13 | 2005-11-10 | Bea Systems, Inc. | System and method for virtual content repository entitlements |
US20050251505A1 (en) * | 2004-04-13 | 2005-11-10 | Bea Systems, Inc. | System and method for information lifecycle workflow integration |
US20050251851A1 (en) * | 2003-10-10 | 2005-11-10 | Bea Systems, Inc. | Configuration of a distributed security system |
US20050251852A1 (en) * | 2003-10-10 | 2005-11-10 | Bea Systems, Inc. | Distributed enterprise security system |
US20050256906A1 (en) * | 2004-05-14 | 2005-11-17 | Bea Systems, Inc. | Interface for portal and webserver administration-efficient updates |
US20050256899A1 (en) * | 2004-05-14 | 2005-11-17 | Bea Systems, Inc. | System and method for representing hierarchical data structures |
US20050257245A1 (en) * | 2003-10-10 | 2005-11-17 | Bea Systems, Inc. | Distributed security system with dynamic roles |
US20050257154A1 (en) * | 2004-05-14 | 2005-11-17 | Bea Systems, Inc. | Graphical association of elements for portal and webserver administration |
US20050257172A1 (en) * | 2004-05-14 | 2005-11-17 | Bea Systems, Inc. | Interface for filtering for portal and webserver administration |
US6978379B1 (en) * | 1999-05-28 | 2005-12-20 | Hewlett-Packard Development Company, L.P. | Configuring computer systems |
US20050283583A1 (en) * | 2004-05-11 | 2005-12-22 | Hitachi, Ltd. | System and method for configuration management of storage system |
US20050289104A1 (en) * | 2004-06-29 | 2005-12-29 | International Business Machines Corporation | Dynamic user interface creation based on user responsibilities and company policies |
US20060028252A1 (en) * | 2004-04-13 | 2006-02-09 | Bea Systems, Inc. | System and method for content type management |
US20060041558A1 (en) * | 2004-04-13 | 2006-02-23 | Mccauley Rodney | System and method for content versioning |
US20060123026A1 (en) * | 2004-11-18 | 2006-06-08 | Bea Systems, Inc. | Client server conversion for representing hierarchical data structures |
US20060143267A1 (en) * | 2000-09-28 | 2006-06-29 | Bea Systems, Inc. | System for managing logical process flow in an online environment |
US20060167858A1 (en) * | 1998-08-14 | 2006-07-27 | Microsoft Corporation | System and method for implementing group policy |
US20060174132A1 (en) * | 2003-02-20 | 2006-08-03 | Bea Systems, Inc. | Federated management of content repositories |
US20060206440A1 (en) * | 2005-03-09 | 2006-09-14 | Sun Microsystems, Inc. | Automated policy constraint matching for computing resources |
US20060212407A1 (en) * | 2005-03-17 | 2006-09-21 | Lyon Dennis B | User authentication and secure transaction system |
US20060224628A1 (en) * | 2005-03-29 | 2006-10-05 | Bea Systems, Inc. | Modeling for data services |
US20060259954A1 (en) * | 2005-05-11 | 2006-11-16 | Bea Systems, Inc. | System and method for dynamic data redaction |
US20060277220A1 (en) * | 2005-03-28 | 2006-12-07 | Bea Systems, Inc. | Security data redaction |
US7174563B1 (en) * | 1997-12-08 | 2007-02-06 | Entrust, Limited | Computer network security system and method having unilateral enforceable security policy provision |
US7191469B2 (en) | 2002-05-13 | 2007-03-13 | Green Border Technologies | Methods and systems for providing a secure application environment using derived user accounts |
US20070073638A1 (en) * | 2005-09-26 | 2007-03-29 | Bea Systems, Inc. | System and method for using soft links to managed content |
US20070073663A1 (en) * | 2005-09-26 | 2007-03-29 | Bea Systems, Inc. | System and method for providing full-text searching of managed content |
US7236977B1 (en) * | 2002-09-20 | 2007-06-26 | Novell, Inc. | Method for dynamically distributing items for changes based on group membership |
US7272625B1 (en) * | 1997-03-10 | 2007-09-18 | Sonicwall, Inc. | Generalized policy server |
US20070282986A1 (en) * | 2006-06-05 | 2007-12-06 | Childress Rhonda L | Rule and Policy Promotion Within A Policy Hierarchy |
US20070282985A1 (en) * | 2006-06-05 | 2007-12-06 | Childress Rhonda L | Service Delivery Using Profile Based Management |
US7318237B2 (en) | 1998-10-28 | 2008-01-08 | Bea Systems, Inc. | System and method for maintaining security in a distributed computer network |
US20080028436A1 (en) * | 1997-03-10 | 2008-01-31 | Sonicwall, Inc. | Generalized policy server |
US20080072280A1 (en) * | 2006-08-30 | 2008-03-20 | Tardo Joseph J | Method and system to control access to a secure asset via an electronic communications network |
US20080077809A1 (en) * | 2006-09-22 | 2008-03-27 | Bea Systems, Inc. | Credential Vault Encryption |
US20080172366A1 (en) * | 1998-06-29 | 2008-07-17 | Clifford Lee Hannel | Query Interface to Policy Server |
US20080209504A1 (en) * | 1999-05-06 | 2008-08-28 | David Wayne Bonn | Generalized network security policy templates for implementing similar network security policies across multiple networks |
US7451147B1 (en) * | 1999-11-18 | 2008-11-11 | International Business Machines Corporation | Flexible encryption scheme for GSO target passwords |
US7475091B2 (en) | 2004-04-13 | 2009-01-06 | Bea Systems, Inc. | System and method for viewing a virtual content repository |
US20090133026A1 (en) * | 2007-11-20 | 2009-05-21 | Aggarwal Vijay K | Method and system to identify conflicts in scheduling data center changes to assets |
US20090182569A1 (en) * | 2000-02-01 | 2009-07-16 | Morinville Paul V | Content Hierarchy |
US7580919B1 (en) | 1997-03-10 | 2009-08-25 | Sonicwall, Inc. | Query interface to policy server |
US7584418B2 (en) * | 2001-05-31 | 2009-09-01 | Oracle International Corporation | Methods, systems, and articles of manufacture for prefabricating an information page |
US7660843B1 (en) | 2003-01-21 | 2010-02-09 | Novell, Inc. | Method and apparatus for dynamically delivering a gadget |
US20100127677A1 (en) * | 2008-03-19 | 2010-05-27 | Yazaki Corporation | Electric power supply device |
US7818344B2 (en) | 2005-09-26 | 2010-10-19 | Bea Systems, Inc. | System and method for providing nested types for content management |
US20100281487A1 (en) * | 2009-05-03 | 2010-11-04 | Research In Motion Limited | Systems and methods for mobility server administration |
US20110010339A1 (en) * | 2009-07-09 | 2011-01-13 | Wipfel Robert A | Techniques for cloud control and management |
US7890639B1 (en) | 2002-01-30 | 2011-02-15 | Novell, Inc. | Method and apparatus for controlling access to portal content from outside the portal |
US7895651B2 (en) | 2005-07-29 | 2011-02-22 | Bit 9, Inc. | Content tracking in a network security system |
US7917537B2 (en) | 2005-09-26 | 2011-03-29 | Oracle International Corporation | System and method for providing link property types for content management |
US7962962B2 (en) * | 2001-06-19 | 2011-06-14 | International Business Machines Corporation | Using an object model to improve handling of personally identifiable information |
US20110173679A1 (en) * | 2010-01-08 | 2011-07-14 | Microsoft Corporation | Resource access based on multiple scope levels |
US7987421B1 (en) | 2002-01-30 | 2011-07-26 | Boyd H Timothy | Method and apparatus to dynamically provide web content resources in a portal |
US20110231443A1 (en) * | 1999-02-16 | 2011-09-22 | Clifford Lee Hannel | Query interface to policy server |
US8078707B1 (en) * | 2004-11-12 | 2011-12-13 | Juniper Networks, Inc. | Network management using hierarchical domains |
US20120131164A1 (en) * | 2010-11-24 | 2012-05-24 | Oracle International Corporation | Attaching web service policies to a group of policy subjects |
US8190513B2 (en) | 1996-06-05 | 2012-05-29 | Fraud Control Systems.Com Corporation | Method of billing a purchase made over a computer network |
US8229844B2 (en) | 1996-06-05 | 2012-07-24 | Fraud Control Systems.Com Corporation | Method of billing a purchase made over a computer network |
US8261095B1 (en) * | 2001-11-01 | 2012-09-04 | Google Inc. | Methods and systems for using derived user accounts |
US8272058B2 (en) | 2005-07-29 | 2012-09-18 | Bit 9, Inc. | Centralized timed analysis in a network security system |
US8600830B2 (en) | 2003-02-05 | 2013-12-03 | Steven M. Hoffberg | System and method for providing a payment to a non-winning auction participant |
US8630942B2 (en) | 1996-06-05 | 2014-01-14 | Fraud Control Systems.Com Corporation | Method of billing a purchase made over a computer network |
US20140115138A1 (en) * | 2012-10-18 | 2014-04-24 | International Business Machines Corporation | Recommending a policy for an it asset |
US8782800B2 (en) | 2005-07-29 | 2014-07-15 | Bit9, Inc. | Parametric content control in a network security system |
US20140230012A1 (en) * | 2011-08-15 | 2014-08-14 | Arizona Board of Regents for and behalf of Arizona State University | Systems, methods, and media for policy-based monitoring and controlling of applications |
US8904181B1 (en) | 2001-03-23 | 2014-12-02 | David P. Felsher | System and method for secure three-party communications |
US8914843B2 (en) | 2011-09-30 | 2014-12-16 | Oracle International Corporation | Conflict resolution when identical policies are attached to a single policy subject |
US20150026240A1 (en) * | 2013-07-17 | 2015-01-22 | Iboss, Inc. | Location based network usage policies |
US8973117B2 (en) | 2010-11-24 | 2015-03-03 | Oracle International Corporation | Propagating security identity information to components of a composite application |
US8984636B2 (en) | 2005-07-29 | 2015-03-17 | Bit9, Inc. | Content extractor and analysis system |
US9021055B2 (en) | 2010-11-24 | 2015-04-28 | Oracle International Corporation | Nonconforming web service policy functions |
US9027077B1 (en) * | 2012-04-30 | 2015-05-05 | Palo Alto Networks, Inc. | Deploying policy configuration across multiple security devices through hierarchical configuration templates |
US9122765B1 (en) * | 2010-12-22 | 2015-09-01 | Vmware, Inc. | Efficient overcommitment of main-memory based virtual database system to disk |
US9246752B2 (en) | 2013-06-18 | 2016-01-26 | International Business Machines Corporation | Ensuring health and compliance of devices |
US9262176B2 (en) | 2011-05-31 | 2016-02-16 | Oracle International Corporation | Software execution using multiple initialization modes |
EP3133507A1 (en) | 2015-03-31 | 2017-02-22 | Secude AG | Context-based data classification |
USRE46439E1 (en) | 1997-03-10 | 2017-06-13 | Dropbox, Inc. | Distributed administration of access to information and interface for same |
EP3196798A1 (en) | 2016-01-19 | 2017-07-26 | Secude AG | Context-sensitive copy and paste block |
US9742640B2 (en) | 2010-11-24 | 2017-08-22 | Oracle International Corporation | Identifying compatible web service policies |
US10361802B1 (en) | 1999-02-01 | 2019-07-23 | Blanding Hovenweep, Llc | Adaptive pattern recognition based control system and method |
US10567975B2 (en) | 2005-10-04 | 2020-02-18 | Hoffberg Family Trust 2 | Multifactorial optimization system and method |
US11086613B2 (en) * | 2019-07-22 | 2021-08-10 | Capital One Services, Llc | Automated bucket policy management arrangements |
CN113760790A (en) * | 2021-09-08 | 2021-12-07 | 东莞市海能电子有限公司 | Docking station information instruction configuration and transmission method and device and docking station |
WO2023183025A1 (en) * | 2022-03-23 | 2023-09-28 | Hewlett-Packard Development Company, L.P. | Control of configuration of image forming apparatus by group policy in hierarchical structure of groups |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
ATE347200T1 (en) * | 1997-07-24 | 2006-12-15 | Tumbleweed Comm Corp | ELECTRONIC MAIL FIREWALL WITH ENCRYPTION/DECRYPTION USING STORED KEYS |
US5968121A (en) * | 1997-08-13 | 1999-10-19 | Microsoft Corporation | Method and apparatus for representing and applying network topological data |
US6785756B2 (en) * | 2001-05-10 | 2004-08-31 | Oracle International Corporation | Methods and systems for multi-policy resource scheduling |
JP4793839B2 (en) * | 2004-06-29 | 2011-10-12 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Access control means using tree structure data |
JP4967056B2 (en) * | 2010-11-16 | 2012-07-04 | ヤフー株式会社 | Policy determination apparatus, method, and program |
JP4967055B2 (en) * | 2010-11-16 | 2012-07-04 | ヤフー株式会社 | Information processing system, method and program |
EP2721485A4 (en) * | 2011-06-16 | 2014-12-10 | Hewlett Packard Development Co | System and method for policy generation |
BR112014007400A2 (en) * | 2011-09-30 | 2017-04-04 | Hewlett Packard Development Co Lp | method for virtual device control in a computer system, computer system, and computer readable medium |
US10673696B2 (en) * | 2018-07-27 | 2020-06-02 | International Business Machines Corporation | Delegating dispersed storage network configuration capabilities while preserving ownership constraints |
WO2024034056A1 (en) * | 2022-08-10 | 2024-02-15 | 日本電信電話株式会社 | Network management device, network management method, and program |
Citations (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4584639A (en) * | 1983-12-23 | 1986-04-22 | Key Logic, Inc. | Computer security system |
US4914590A (en) * | 1988-05-18 | 1990-04-03 | Emhart Industries, Inc. | Natural language understanding system |
US5129083A (en) * | 1989-06-29 | 1992-07-07 | Digital Equipment Corporation | Conditional object creating system having different object pointers for accessing a set of data structure objects |
US5159685A (en) * | 1989-12-06 | 1992-10-27 | Racal Data Communications Inc. | Expert system for communications network |
US5276775A (en) * | 1990-12-07 | 1994-01-04 | Texas Instruments Inc. | System and method for building knowledge-based applications |
US5278946A (en) * | 1989-12-04 | 1994-01-11 | Hitachi, Ltd. | Method of presenting multimedia data in a desired form by comparing and replacing a user template model with analogous portions of a system |
US5321841A (en) * | 1989-06-29 | 1994-06-14 | Digital Equipment Corporation | System for determining the rights of object access for a server process by combining them with the rights of the client process |
US5390282A (en) * | 1992-06-16 | 1995-02-14 | John R. Koza | Process for problem solving using spontaneously emergent self-replicating and self-improving entities |
US5414812A (en) * | 1992-03-27 | 1995-05-09 | International Business Machines Corporation | System for using object-oriented hierarchical representation to implement a configuration database for a layered computer network communications subsystem |
US5421004A (en) * | 1992-09-24 | 1995-05-30 | International Business Machines Corporation | Hierarchical testing environment |
US5530861A (en) * | 1991-08-26 | 1996-06-25 | Hewlett-Packard Company | Process enaction and tool integration via a task oriented paradigm |
US5544316A (en) * | 1992-09-24 | 1996-08-06 | International Business Machines Corporation | Method and system for optionally registering a local process to allow participation in a single system semantic |
US5548726A (en) * | 1993-12-17 | 1996-08-20 | Taligeni, Inc. | System for activating new service in client server network by reconfiguring the multilayer network protocol stack dynamically within the server node |
US5551031A (en) * | 1991-08-23 | 1996-08-27 | International Business Machines Corporation | Program storage device and computer program product for outer join operations using responsibility regions assigned to inner tables in a relational database |
US5550971A (en) * | 1993-06-30 | 1996-08-27 | U S West Technologies, Inc. | Method and system for generating a user interface adaptable to various database management systems |
US5552995A (en) * | 1993-11-24 | 1996-09-03 | The Trustees Of The Stevens Institute Of Technology | Concurrent engineering design tool and method |
US5553218A (en) * | 1992-03-09 | 1996-09-03 | International Business Machines Corporation | Graphical user interface for relating key index properties to database table columns |
US5555346A (en) * | 1991-10-04 | 1996-09-10 | Beyond Corporated | Event-driven rule-based messaging system |
US5559958A (en) * | 1991-06-24 | 1996-09-24 | Compaq Computer Corporation | Graphical user interface for computer management system and an associated management information base |
US5561798A (en) * | 1993-03-15 | 1996-10-01 | International Business Machines Corporation | Computer program product and program storage device for improving data recovery performance |
-
1996
- 1996-07-01 DE DE69601149T patent/DE69601149T2/en not_active Expired - Fee Related
- 1996-07-01 EP EP96650023A patent/EP0752652B1/en not_active Expired - Lifetime
- 1996-07-03 JP JP8173806A patent/JPH0969077A/en active Pending
-
1997
- 1997-05-14 US US08/856,038 patent/US5797128A/en not_active Expired - Fee Related
Patent Citations (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4584639A (en) * | 1983-12-23 | 1986-04-22 | Key Logic, Inc. | Computer security system |
US4914590A (en) * | 1988-05-18 | 1990-04-03 | Emhart Industries, Inc. | Natural language understanding system |
US5129083A (en) * | 1989-06-29 | 1992-07-07 | Digital Equipment Corporation | Conditional object creating system having different object pointers for accessing a set of data structure objects |
US5321841A (en) * | 1989-06-29 | 1994-06-14 | Digital Equipment Corporation | System for determining the rights of object access for a server process by combining them with the rights of the client process |
US5278946A (en) * | 1989-12-04 | 1994-01-11 | Hitachi, Ltd. | Method of presenting multimedia data in a desired form by comparing and replacing a user template model with analogous portions of a system |
US5159685A (en) * | 1989-12-06 | 1992-10-27 | Racal Data Communications Inc. | Expert system for communications network |
US5276775A (en) * | 1990-12-07 | 1994-01-04 | Texas Instruments Inc. | System and method for building knowledge-based applications |
US5559958A (en) * | 1991-06-24 | 1996-09-24 | Compaq Computer Corporation | Graphical user interface for computer management system and an associated management information base |
US5551031A (en) * | 1991-08-23 | 1996-08-27 | International Business Machines Corporation | Program storage device and computer program product for outer join operations using responsibility regions assigned to inner tables in a relational database |
US5530861A (en) * | 1991-08-26 | 1996-06-25 | Hewlett-Packard Company | Process enaction and tool integration via a task oriented paradigm |
US5555346A (en) * | 1991-10-04 | 1996-09-10 | Beyond Corporated | Event-driven rule-based messaging system |
US5553218A (en) * | 1992-03-09 | 1996-09-03 | International Business Machines Corporation | Graphical user interface for relating key index properties to database table columns |
US5414812A (en) * | 1992-03-27 | 1995-05-09 | International Business Machines Corporation | System for using object-oriented hierarchical representation to implement a configuration database for a layered computer network communications subsystem |
US5390282A (en) * | 1992-06-16 | 1995-02-14 | John R. Koza | Process for problem solving using spontaneously emergent self-replicating and self-improving entities |
US5421004A (en) * | 1992-09-24 | 1995-05-30 | International Business Machines Corporation | Hierarchical testing environment |
US5544316A (en) * | 1992-09-24 | 1996-08-06 | International Business Machines Corporation | Method and system for optionally registering a local process to allow participation in a single system semantic |
US5561798A (en) * | 1993-03-15 | 1996-10-01 | International Business Machines Corporation | Computer program product and program storage device for improving data recovery performance |
US5550971A (en) * | 1993-06-30 | 1996-08-27 | U S West Technologies, Inc. | Method and system for generating a user interface adaptable to various database management systems |
US5552995A (en) * | 1993-11-24 | 1996-09-03 | The Trustees Of The Stevens Institute Of Technology | Concurrent engineering design tool and method |
US5548726A (en) * | 1993-12-17 | 1996-08-20 | Taligeni, Inc. | System for activating new service in client server network by reconfiguring the multilayer network protocol stack dynamically within the server node |
Non-Patent Citations (29)
Title |
---|
* Group Membership View, IBM Technical Disclosure Bulletin, vol. 34, No. 10B, Mar. 1992, New York, NY, pp. 309 310. * |
* Moffett, J.D. et al., "Policy Hierarchies for Distributed Systems Management," IEEE Journal on Selected Areas in Communications, Dec. 1993, vol. 11, No. 9, New York, NY, ISSN 0733-8716, pp. 1404-1414. |
* Moffett, J.D. et al., Policy Hierarchies for Distributed Systems Management, IEEE Journal on Selected Areas in Communications, Dec. 1993, vol. 11, No. 9, New York, NY, ISSN 0733 8716, pp. 1404 1414. * |
* Object Oriented user Administration, IBM Technical Disclosure Bulletin, vol. 34, No. 12, May 1992, New York, NY, pp. 461 465. * |
* Using Policy Domains to Delegate Administrative Authority in Distributed System Managed Storage, IBM Technical Disclosure Bulletin, vol. 36, No. 8, Aug. 1993, New York, NY, pp. 135 138. * |
*"Group Membership View," IBM Technical Disclosure Bulletin, vol. 34, No. 10B, Mar. 1992, New York, NY, pp. 309-310. |
*"Object Oriented user Administration," IBM Technical Disclosure Bulletin, vol. 34, No. 12, May 1992, New York, NY, pp. 461-465. |
*"Using Policy Domains to Delegate Administrative Authority in Distributed System Managed Storage," IBM Technical Disclosure Bulletin, vol. 36, No. 8, Aug. 1993, New York, NY, pp. 135-138. |
*Robinson, D.C., et al., "Domains: A New Approach to Distributed System Management," Proceedings: Workshop on the Future Trends of Distributed Computing Systems in the 1990s (Cat. No. 88TH0228-7), Hong Kong, Sep. 14-16, 1988, ISBN 0-8186-0897-8, 1988, Washington DC, IEEE Compt. Soc. Press, pp. 154-163. |
*Robinson, D.C., et al., Domains: A New Approach to Distributed System Management, Proceedings: Workshop on the Future Trends of Distributed Computing Systems in the 1990s (Cat. No. 88TH0228 7), Hong Kong, Sep. 14 16, 1988, ISBN 0 8186 0897 8, 1988, Washington DC, IEEE Compt. Soc. Press, pp. 154 163. * |
Hu et al., "Toward an authorization mechanism for user-role based security in an objected design model", IEEE, pp. 195-202, Jul. 1993. |
Hu et al., Toward an authorization mechanism for user role based security in an objected design model , IEEE, pp. 195 202, Jul. 1993. * |
IBM Technical Disclosure, vol. 34, No. 10B, pp. 309 310, Mar. 1992. * |
IBM Technical Disclosure, vol. 34, No. 10B, pp. 309-310, Mar. 1992. |
Moffett et al., "Policy hierarchies for distributed systems management", IEEE, pp. 404-414, Jun. 1992. |
Moffett et al., Policy hierarchies for distributed systems management , IEEE, pp. 404 414, Jun. 1992. * |
Moffett, Jonathan D. and Sloman, Morris S., "Policy Conflict Analysis in Distributed System Management," Apr. 12, 1993, scheduled to appear in the Journal of Organizational Computing, pp. 1-19. |
Moffett, Jonathan D. and Sloman, Morris S., "The Representation of Policies as System Objects," Nov. 1991, SIGOIS Bulletin vol. 12, No. 2 & 3, pp. 171-184. |
Moffett, Jonathan D. and Sloman, Morris S., Policy Conflict Analysis in Distributed System Management, Apr. 12, 1993, scheduled to appear in the Journal of Organizational Computing, pp. 1 19. * |
Moffett, Jonathan D. and Sloman, Morris S., The Representation of Policies as System Objects, Nov. 1991, SIGOIS Bulletin vol. 12, No. 2 & 3, pp. 171 184. * |
Robinson et al., "A new approach to distributed system management", IEEE, pp. 154-163, Sep. 1988. |
Robinson et al., A new approach to distributed system management , IEEE, pp. 154 163, Sep. 1988. * |
Rumbaugh, J., Blaha, M., Premerlan, W., Eddy, F. and Lorensen, W., "Object-Oriented Modeling and Design," Ch. 3, Object Modeling, 3.1.2 Classes, pp. 22, No date. |
Rumbaugh, J., Blaha, M., Premerlan, W., Eddy, F. and Lorensen, W., Object Oriented Modeling and Design, Ch. 3, Object Modeling, 3.1.2 Classes, pp. 22, No date. * |
Sloman, Morris S., Moffett, Jonathan D. and Twidle, Kevin P., "Domino Domains and Policies: An Introduction to the Project Results," Domino Paper Arch/IC/4, Feb. 20, 1992, Dept. of Computing, Imperial College, University of London, Ch. 17, pp. 1-20. |
Sloman, Morris S., Moffett, Jonathan D. and Twidle, Kevin P., Domino Domains and Policies: An Introduction to the Project Results, Domino Paper Arch/IC/4, Feb. 20, 1992, Dept. of Computing, Imperial College, University of London, Ch. 17, pp. 1 20. * |
X/Open Company Ltd., X/Open Preliminary Specification, "Systems Management: Management Services for an OMG Environment (Draft 0.4)," Dec. 19, 1994, Ch 1-6, pp. 1-215. |
X/Open Company Ltd., X/Open Preliminary Specification, Systems Management: Management Services for an OMG Environment (Draft 0.4), Dec. 19, 1994, Ch 1 6, pp. 1 215. * |
X/Open Management Services for an OMG Environment (Draft 0.4), Nov. 1994. * |
Cited By (337)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5889953A (en) * | 1995-05-25 | 1999-03-30 | Cabletron Systems, Inc. | Policy management and conflict resolution in computer networks |
US8630942B2 (en) | 1996-06-05 | 2014-01-14 | Fraud Control Systems.Com Corporation | Method of billing a purchase made over a computer network |
US8229844B2 (en) | 1996-06-05 | 2012-07-24 | Fraud Control Systems.Com Corporation | Method of billing a purchase made over a computer network |
US8190513B2 (en) | 1996-06-05 | 2012-05-29 | Fraud Control Systems.Com Corporation | Method of billing a purchase made over a computer network |
US9154489B2 (en) | 1997-03-10 | 2015-10-06 | Dell Software Inc. | Query interface to policy server |
US7272625B1 (en) * | 1997-03-10 | 2007-09-18 | Sonicwall, Inc. | Generalized policy server |
USRE46439E1 (en) | 1997-03-10 | 2017-06-13 | Dropbox, Inc. | Distributed administration of access to information and interface for same |
US7821926B2 (en) | 1997-03-10 | 2010-10-26 | Sonicwall, Inc. | Generalized policy server |
US9438577B2 (en) | 1997-03-10 | 2016-09-06 | Dell Software Inc. | Query interface to policy server |
US7580919B1 (en) | 1997-03-10 | 2009-08-25 | Sonicwall, Inc. | Query interface to policy server |
US9331992B2 (en) | 1997-03-10 | 2016-05-03 | Dell Software Inc. | Access control |
US9276920B2 (en) | 1997-03-10 | 2016-03-01 | Dell Software Inc. | Tunneling using encryption |
US8935311B2 (en) | 1997-03-10 | 2015-01-13 | Sonicwall, Inc. | Generalized policy server |
US20080028436A1 (en) * | 1997-03-10 | 2008-01-31 | Sonicwall, Inc. | Generalized policy server |
US5925126A (en) * | 1997-03-18 | 1999-07-20 | Memco Software, Ltd. | Method for security shield implementation in computer system's software |
US6145086A (en) * | 1997-05-30 | 2000-11-07 | Oracle Corporation | Security and password mechanisms in a database system |
US5938768A (en) * | 1997-07-30 | 1999-08-17 | Northern Telecom Limited | Feature to facilitate numeric passcode entry |
US6282659B1 (en) * | 1997-07-30 | 2001-08-28 | Nortel Networks Limited | Feature to facilitate numeric passcode entry |
US6128774A (en) * | 1997-10-28 | 2000-10-03 | Necula; George C. | Safe to execute verification of software |
US7174563B1 (en) * | 1997-12-08 | 2007-02-06 | Entrust, Limited | Computer network security system and method having unilateral enforceable security policy provision |
US6484182B1 (en) | 1998-06-12 | 2002-11-19 | International Business Machines Corporation | Method and apparatus for publishing part datasheets |
US8756653B2 (en) | 1998-06-25 | 2014-06-17 | Yaszistra Fund Iii, Llc | Network policy management and effectiveness system |
US20110093914A1 (en) * | 1998-06-25 | 2011-04-21 | Yaszistra Fund Iii, Llc. | Network policy management and effectiveness system |
US6735701B1 (en) * | 1998-06-25 | 2004-05-11 | Macarthur Investments, Llc | Network policy management and effectiveness system |
US8381305B2 (en) | 1998-06-25 | 2013-02-19 | Yaszistra Fund Iii, Llc | Network policy management and effectiveness system |
US7912856B2 (en) | 1998-06-29 | 2011-03-22 | Sonicwall, Inc. | Adaptive encryption |
US20080172366A1 (en) * | 1998-06-29 | 2008-07-17 | Clifford Lee Hannel | Query Interface to Policy Server |
US6615218B2 (en) | 1998-07-17 | 2003-09-02 | Sun Microsystems, Inc. | Database for executing policies for controlling devices on a network |
US6170009B1 (en) * | 1998-07-17 | 2001-01-02 | Kallol Mandal | Controlling devices on a network through policies |
US20060167858A1 (en) * | 1998-08-14 | 2006-07-27 | Microsoft Corporation | System and method for implementing group policy |
US7363650B2 (en) | 1998-10-28 | 2008-04-22 | Bea Systems, Inc. | System and method for incrementally distributing a security policy in a computer network |
US7318237B2 (en) | 1998-10-28 | 2008-01-08 | Bea Systems, Inc. | System and method for maintaining security in a distributed computer network |
US7506357B1 (en) * | 1998-10-28 | 2009-03-17 | Bea Systems, Inc. | System and method for maintaining security in a distributed computer network |
US20030115484A1 (en) * | 1998-10-28 | 2003-06-19 | Moriconi Mark S. | System and method for incrementally distributing a security policy in a computer network |
US7673323B1 (en) | 1998-10-28 | 2010-03-02 | Bea Systems, Inc. | System and method for maintaining security in a distributed computer network |
US6418468B1 (en) | 1998-12-03 | 2002-07-09 | Cisco Technology, Inc. | Automatically verifying the feasibility of network management policies |
US6327618B1 (en) * | 1998-12-03 | 2001-12-04 | Cisco Technology, Inc. | Recognizing and processing conflicts in network management policies |
US6301613B1 (en) * | 1998-12-03 | 2001-10-09 | Cisco Technology, Inc. | Verifying that a network management policy used by a computer system can be satisfied and is feasible for use |
EP1208461A1 (en) * | 1999-01-29 | 2002-05-29 | Corporation Graylin | Entitlement management and access control system |
EP1208461A4 (en) * | 1999-01-29 | 2007-01-24 | Graylin Corporation | Entitlement management and access control system |
US10361802B1 (en) | 1999-02-01 | 2019-07-23 | Blanding Hovenweep, Llc | Adaptive pattern recognition based control system and method |
US20110231443A1 (en) * | 1999-02-16 | 2011-09-22 | Clifford Lee Hannel | Query interface to policy server |
US8914410B2 (en) | 1999-02-16 | 2014-12-16 | Sonicwall, Inc. | Query interface to policy server |
WO2000067112A2 (en) * | 1999-04-30 | 2000-11-09 | Elata Plc | A system and method for managing distribution of content to a device |
WO2000067112A3 (en) * | 1999-04-30 | 2001-01-25 | Hugh Symons Group Plc | A system and method for managing distribution of content to a device |
US6886017B1 (en) | 1999-04-30 | 2005-04-26 | Elata Limited | System and method for managing distribution of content to a device |
US20080209504A1 (en) * | 1999-05-06 | 2008-08-28 | David Wayne Bonn | Generalized network security policy templates for implementing similar network security policies across multiple networks |
US6978379B1 (en) * | 1999-05-28 | 2005-12-20 | Hewlett-Packard Development Company, L.P. | Configuring computer systems |
US6529938B1 (en) | 1999-08-06 | 2003-03-04 | International Business Machines Corporation | Method, system, and program for executing operations on a client in a network environment |
US20030115246A1 (en) * | 1999-08-24 | 2003-06-19 | Hewlett-Packard Company And Intel Corporation | Policy management for host name mapped to dynamically assigned network address |
US6587876B1 (en) * | 1999-08-24 | 2003-07-01 | Hewlett-Packard Development Company | Grouping targets of management policies |
US6865549B1 (en) | 1999-11-15 | 2005-03-08 | Sun Microsystems, Inc. | Method and apparatus for concurrency control in a policy-based management system |
US7451147B1 (en) * | 1999-11-18 | 2008-11-11 | International Business Machines Corporation | Flexible encryption scheme for GSO target passwords |
US6487594B1 (en) * | 1999-11-30 | 2002-11-26 | Mediaone Group, Inc. | Policy management method and system for internet service providers |
US6539483B1 (en) * | 2000-01-12 | 2003-03-25 | International Business Machines Corporation | System and method for generation VPN network policies |
US6839766B1 (en) * | 2000-01-14 | 2005-01-04 | Cisco Technology, Inc. | Method and apparatus for communicating cops protocol policies to non-cops-enabled network devices |
US7991907B2 (en) | 2000-01-14 | 2011-08-02 | Cisco Technology, Inc. | Method and apparatus for communicating COPS protocol policies to non-COPS-enabled network devices |
US20050060393A1 (en) * | 2000-01-14 | 2005-03-17 | Itzhak Parnafes | Method and apparatus for communicating COPS protocol policies to non-COPS-enabled network devices |
US20090182569A1 (en) * | 2000-02-01 | 2009-07-16 | Morinville Paul V | Content Hierarchy |
WO2001069383A1 (en) * | 2000-03-10 | 2001-09-20 | Aether Systems, Inc. | Method and apparatus for providing services to a user of a client device configured by templates that reference other templates |
US20020059404A1 (en) * | 2000-03-20 | 2002-05-16 | Schaaf Richard W. | Organizing and combining a hierarchy of configuration parameters to produce an entity profile for an entity associated with a communications network |
US6880005B1 (en) * | 2000-03-31 | 2005-04-12 | Intel Corporation | Managing policy rules in a network |
US7487207B2 (en) | 2000-09-28 | 2009-02-03 | Bea Systems, Inc. | System and method for determining the functionality of a software application based on nodes within the software application and transitions between the nodes |
US20060143267A1 (en) * | 2000-09-28 | 2006-06-29 | Bea Systems, Inc. | System for managing logical process flow in an online environment |
US7260838B2 (en) * | 2000-12-18 | 2007-08-21 | International Business Machines Corporation | Incorporating password change policy into a single sign-on environment |
US20020078386A1 (en) * | 2000-12-18 | 2002-06-20 | Bones Robert Delee | Incorporating password change policy into a single sign-on environment |
WO2002054675A2 (en) * | 2001-01-05 | 2002-07-11 | Networks Associates Technology, Inc. | System and method for configuring computer applications and devices using inheritance |
WO2002054675A3 (en) * | 2001-01-05 | 2003-03-06 | Networks Assoc Tech Inc | System and method for configuring computer applications and devices using inheritance |
WO2002067173A1 (en) * | 2001-02-23 | 2002-08-29 | I-Sprint Innovations Pte Ltd | A hierarchy model |
US20020133092A1 (en) * | 2001-03-16 | 2002-09-19 | Microvena Corporation | Wire convertible from over-the-wire length to rapid exchange length |
US8904181B1 (en) | 2001-03-23 | 2014-12-02 | David P. Felsher | System and method for secure three-party communications |
US9419951B1 (en) | 2001-03-23 | 2016-08-16 | St. Luke Technologies, Llc | System and method for secure three-party communications |
US20020144106A1 (en) * | 2001-03-27 | 2002-10-03 | Fujitsu Limited Of Kawasaki, Japan | Security system in a service provision system |
US7047557B2 (en) * | 2001-03-27 | 2006-05-16 | Fujitsu Limited | Security system in a service provision system |
WO2002080458A1 (en) * | 2001-03-30 | 2002-10-10 | Nokia Corporation | Method for configuring a network by defining clusters |
US20040117226A1 (en) * | 2001-03-30 | 2004-06-17 | Jaana Laiho | Method for configuring a network by defining clusters |
US7499948B2 (en) | 2001-04-16 | 2009-03-03 | Bea Systems, Inc. | System and method for web-based personalization and ecommerce management |
US20030041050A1 (en) * | 2001-04-16 | 2003-02-27 | Greg Smith | System and method for web-based marketing and campaign management |
US20030217332A1 (en) * | 2001-04-16 | 2003-11-20 | Greg Smith | System and method for web-based personalization and ecommerce management |
US6976089B2 (en) * | 2001-04-17 | 2005-12-13 | Secul.Com Corp. | Method for high speed discrimination of policy in packet filtering type firewall system |
US20020165949A1 (en) * | 2001-04-17 | 2002-11-07 | Secui.Com Corporation | Method for high speed discrimination of policy in packet filtering type firewall system |
US8099728B2 (en) | 2001-04-19 | 2012-01-17 | International Business Machines Corporation | System for managing configuration changes in a data processing system |
US20040153869A1 (en) * | 2001-04-19 | 2004-08-05 | Claudio Marinelli | Method and system for managing configuration changes in a data processing system |
US7370323B2 (en) * | 2001-04-19 | 2008-05-06 | International Business Machines Corporation | Method and system for managing configuration changes in a data processing system |
WO2002086696A3 (en) * | 2001-04-19 | 2003-10-16 | Ibm | A method and system for managing configuration changes in a data processing system |
US20080215558A1 (en) * | 2001-04-19 | 2008-09-04 | Claudio Marinelli | System for managing configuration changes in a data processing system |
US20020194317A1 (en) * | 2001-04-26 | 2002-12-19 | Yasusi Kanada | Method and system for controlling a policy-based network |
US7003578B2 (en) * | 2001-04-26 | 2006-02-21 | Hewlett-Packard Development Company, L.P. | Method and system for controlling a policy-based network |
US7584418B2 (en) * | 2001-05-31 | 2009-09-01 | Oracle International Corporation | Methods, systems, and articles of manufacture for prefabricating an information page |
US20020188869A1 (en) * | 2001-06-11 | 2002-12-12 | Paul Patrick | System and method for server security and entitlement processing |
US7392546B2 (en) | 2001-06-11 | 2008-06-24 | Bea Systems, Inc. | System and method for server security and entitlement processing |
US7962962B2 (en) * | 2001-06-19 | 2011-06-14 | International Business Machines Corporation | Using an object model to improve handling of personally identifiable information |
US20030014418A1 (en) * | 2001-06-19 | 2003-01-16 | International Business Machines Corporation | Using a privacy agreement framework to improve handling of personally identifiable information |
US7603317B2 (en) | 2001-06-19 | 2009-10-13 | International Business Machines Corporation | Using a privacy agreement framework to improve handling of personally identifiable information |
US6854035B2 (en) | 2001-10-05 | 2005-02-08 | International Business Machines Corporation | Storage area network methods and apparatus for display and management of a hierarchical file system extension policy |
US7240280B2 (en) | 2001-10-24 | 2007-07-03 | Bea Systems, Inc. | System and method for application flow integration in a portal framework |
US20070214421A1 (en) * | 2001-10-24 | 2007-09-13 | Bea Systems, Inc. | System and method for application flow integration in a portal framework |
US7367014B2 (en) | 2001-10-24 | 2008-04-29 | Bea Systems, Inc. | System and method for XML data representation of portlets |
US20050187978A1 (en) * | 2001-10-24 | 2005-08-25 | Bea Systems, Inc. | System and method for portal rendering |
US7516167B2 (en) | 2001-10-24 | 2009-04-07 | Bea Systems, Inc. | Data synchronization |
US7451163B2 (en) | 2001-10-24 | 2008-11-11 | Bea Systems, Inc. | Data synchronization |
US20030105974A1 (en) * | 2001-10-24 | 2003-06-05 | Philip B. Griffin | System and method for rule-based entitlements |
US7472342B2 (en) | 2001-10-24 | 2008-12-30 | Bea Systems, Inc. | System and method for portal page layout |
US20030115292A1 (en) * | 2001-10-24 | 2003-06-19 | Griffin Philip B. | System and method for delegated administration |
US20030117437A1 (en) * | 2001-10-24 | 2003-06-26 | Cook Thomas A. | Portal administration tool |
US7451477B2 (en) | 2001-10-24 | 2008-11-11 | Bea Systems, Inc. | System and method for rule-based entitlements |
US20030149722A1 (en) * | 2001-10-24 | 2003-08-07 | Chris Jolley | System and method for application flow integration in a portal framework |
US8261095B1 (en) * | 2001-11-01 | 2012-09-04 | Google Inc. | Methods and systems for using derived user accounts |
US8683578B2 (en) | 2001-11-01 | 2014-03-25 | Google Inc. | Methods and systems for using derived user accounts |
US9516032B2 (en) | 2001-11-01 | 2016-12-06 | Google Inc. | Methods and systems for using derived user accounts |
US8875281B2 (en) | 2001-11-01 | 2014-10-28 | Google Inc | Methods and systems for using derived user accounts |
US7433944B2 (en) * | 2001-12-07 | 2008-10-07 | Hitachi, Ltd. | Network, server, and storage policy server |
US20030115313A1 (en) * | 2001-12-07 | 2003-06-19 | Yasusi Kanada | Network, server, and storage policy server |
US20030115322A1 (en) * | 2001-12-13 | 2003-06-19 | Moriconi Mark S. | System and method for analyzing security policies in a distributed computer network |
US7350226B2 (en) * | 2001-12-13 | 2008-03-25 | Bea Systems, Inc. | System and method for analyzing security policies in a distributed computer network |
US7890639B1 (en) | 2002-01-30 | 2011-02-15 | Novell, Inc. | Method and apparatus for controlling access to portal content from outside the portal |
US7987421B1 (en) | 2002-01-30 | 2011-07-26 | Boyd H Timothy | Method and apparatus to dynamically provide web content resources in a portal |
US20040068554A1 (en) * | 2002-05-01 | 2004-04-08 | Bea Systems, Inc. | Web service-enabled portlet wizard |
US20070214271A1 (en) * | 2002-05-01 | 2007-09-13 | Bea Systems, Inc. | Enterprise application platform |
US7725560B2 (en) | 2002-05-01 | 2010-05-25 | Bea Systems Inc. | Web service-enabled portlet wizard |
US20040010598A1 (en) * | 2002-05-01 | 2004-01-15 | Bea Systems, Inc. | Portal setup wizard |
US7426548B2 (en) | 2002-05-01 | 2008-09-16 | Bea Systems, Inc. | Enterprise application platform |
US7496687B2 (en) | 2002-05-01 | 2009-02-24 | Bea Systems, Inc. | Enterprise application platform |
US20040068568A1 (en) * | 2002-05-01 | 2004-04-08 | Griffin Philip B. | Enterprise application platform |
US7191469B2 (en) | 2002-05-13 | 2007-03-13 | Green Border Technologies | Methods and systems for providing a secure application environment using derived user accounts |
US10922403B1 (en) | 2002-06-06 | 2021-02-16 | Google Llc | Methods and systems for implementing a secure application execution environment using derived user accounts for internet content |
US10133864B2 (en) | 2002-06-06 | 2018-11-20 | Google Llc | Methods and systems for implementing a secure application execution environment using derived user accounts for internet content |
US9171149B2 (en) | 2002-06-06 | 2015-10-27 | Google Inc. | Methods and systems for implementing a secure application execution environment using derived user accounts for internet content |
US20040006706A1 (en) * | 2002-06-06 | 2004-01-08 | Ulfar Erlingsson | Methods and systems for implementing a secure application execution environment using derived user accounts for internet content |
US20040075626A1 (en) * | 2002-07-23 | 2004-04-22 | Jun-Young Lee | Device and method for driving plasma display panel |
US6819967B2 (en) | 2002-07-24 | 2004-11-16 | International Business Machines Corporation | Relational database for producing bill-of-materials from planning information |
US20040030764A1 (en) * | 2002-08-08 | 2004-02-12 | International Business Machines Corporation | Identity assertion token principal mapping for common secure interoperability |
US7236977B1 (en) * | 2002-09-20 | 2007-06-26 | Novell, Inc. | Method for dynamically distributing items for changes based on group membership |
US20070219997A1 (en) * | 2002-09-20 | 2007-09-20 | Novell, Inc. | Method for dynamically distributing items for changes based on group membership |
US7657548B2 (en) | 2002-09-20 | 2010-02-02 | Novell, Inc. | Method for dynamically distributing items for changes based on group membership |
US20040117407A1 (en) * | 2002-12-16 | 2004-06-17 | Manoj Kumar | Resource and data administration technologies for IT non-experts |
US7149738B2 (en) * | 2002-12-16 | 2006-12-12 | International Business Machines Corporation | Resource and data administration technologies for IT non-experts |
EP1431873A1 (en) * | 2002-12-19 | 2004-06-23 | Hewlett-Packard Company, A Delaware Corporation | Computer programming |
US20040187096A1 (en) * | 2002-12-19 | 2004-09-23 | Dominique Dumont | Computer programming |
US7660843B1 (en) | 2003-01-21 | 2010-02-09 | Novell, Inc. | Method and apparatus for dynamically delivering a gadget |
US8600830B2 (en) | 2003-02-05 | 2013-12-03 | Steven M. Hoffberg | System and method for providing a payment to a non-winning auction participant |
US9818136B1 (en) | 2003-02-05 | 2017-11-14 | Steven M. Hoffberg | System and method for determining contingent relevance |
US10163137B2 (en) | 2003-02-05 | 2018-12-25 | Steven M. Hoffberg | System and method for incentivizing participation in a market transaction |
US10943273B2 (en) | 2003-02-05 | 2021-03-09 | The Hoffberg Family Trust 2004-1 | System and method for determining contingent relevance |
US11790413B2 (en) | 2003-02-05 | 2023-10-17 | Hoffberg Family Trust 2 | System and method for communication |
US7591000B2 (en) * | 2003-02-14 | 2009-09-15 | Oracle International Corporation | System and method for hierarchical role-based entitlements |
US20050138412A1 (en) * | 2003-02-14 | 2005-06-23 | Griffin Philip B. | Resource management with policies |
US20040162905A1 (en) * | 2003-02-14 | 2004-08-19 | Griffin Philip B. | Method for role and resource policy management optimization |
US20040162733A1 (en) * | 2003-02-14 | 2004-08-19 | Griffin Philip B. | Method for delegated administration |
US20040162906A1 (en) * | 2003-02-14 | 2004-08-19 | Griffin Philip B. | System and method for hierarchical role-based entitlements |
US7992189B2 (en) | 2003-02-14 | 2011-08-02 | Oracle International Corporation | System and method for hierarchical role-based entitlements |
US20050138411A1 (en) * | 2003-02-14 | 2005-06-23 | Griffin Philip B. | Resource management with roles |
US8831966B2 (en) | 2003-02-14 | 2014-09-09 | Oracle International Corporation | Method for delegated administration |
WO2004074993A3 (en) * | 2003-02-14 | 2006-04-13 | Bea Systems Inc | System and method for hierarchical role-based entitlements |
US7653930B2 (en) * | 2003-02-14 | 2010-01-26 | Bea Systems, Inc. | Method for role and resource policy management optimization |
US20040167880A1 (en) * | 2003-02-20 | 2004-08-26 | Bea Systems, Inc. | System and method for searching a virtual repository content |
US20060174132A1 (en) * | 2003-02-20 | 2006-08-03 | Bea Systems, Inc. | Federated management of content repositories |
US8099779B2 (en) | 2003-02-20 | 2012-01-17 | Oracle International Corporation | Federated management of content repositories |
US7433896B2 (en) | 2003-02-20 | 2008-10-07 | Bea Systems, Inc. | Federated management of content repositories |
US20040167920A1 (en) * | 2003-02-20 | 2004-08-26 | Bea Systems, Inc. | Virtual repository content model |
US20040167867A1 (en) * | 2003-02-20 | 2004-08-26 | Bea Systems, Inc. | Virtual content repository application program interface |
US20040167900A1 (en) * | 2003-02-20 | 2004-08-26 | Bea Systems, Inc. | Virtual repository complex content model |
US7562298B2 (en) | 2003-02-20 | 2009-07-14 | Bea Systems, Inc. | Virtual content repository browser |
US7840614B2 (en) | 2003-02-20 | 2010-11-23 | Bea Systems, Inc. | Virtual content repository application program interface |
US7483904B2 (en) | 2003-02-20 | 2009-01-27 | Bea Systems, Inc. | Virtual repository content model |
US20040167871A1 (en) * | 2003-02-20 | 2004-08-26 | Bea Systems, Inc. | Content mining for virtual content repositories |
US20040167899A1 (en) * | 2003-02-20 | 2004-08-26 | Bea Systems, Inc. | Virtual content repository browser |
US7415478B2 (en) | 2003-02-20 | 2008-08-19 | Bea Systems, Inc. | Virtual repository complex content model |
US20040230917A1 (en) * | 2003-02-28 | 2004-11-18 | Bales Christopher E. | Systems and methods for navigating a graphical hierarchy |
US20040230557A1 (en) * | 2003-02-28 | 2004-11-18 | Bales Christopher E. | Systems and methods for context-sensitive editing |
US7810036B2 (en) | 2003-02-28 | 2010-10-05 | Bea Systems, Inc. | Systems and methods for personalizing a portal |
US20040230947A1 (en) * | 2003-02-28 | 2004-11-18 | Bales Christopher E. | Systems and methods for personalizing a portal |
US8214377B2 (en) | 2003-04-07 | 2012-07-03 | International Business Machines Corporation | Method, system, and program for managing groups of objects when there are different group types |
US20040199521A1 (en) * | 2003-04-07 | 2004-10-07 | International Business Machines Corporation | Method, system, and program for managing groups of objects when there are different group types |
US20090183024A1 (en) * | 2003-04-17 | 2009-07-16 | Childress Rhonda L | System Management Infrastructure for Corrective Actions to Servers with Shared Resources |
US20040210889A1 (en) * | 2003-04-17 | 2004-10-21 | International Business Machines Corporation | System management infrastructure for corrective actions to servers with shared resources |
US7529981B2 (en) | 2003-04-17 | 2009-05-05 | International Business Machines Corporation | System management infrastructure for corrective actions to servers with shared resources |
US7992033B2 (en) | 2003-04-17 | 2011-08-02 | International Business Machines Corporation | System management infrastructure for corrective actions to servers with shared resources |
US20040255147A1 (en) * | 2003-05-06 | 2004-12-16 | Vidius Inc. | Apparatus and method for assuring compliance with distribution and usage policy |
US7669225B2 (en) * | 2003-05-06 | 2010-02-23 | Portauthority Technologies Inc. | Apparatus and method for assuring compliance with distribution and usage policy |
US20080120378A2 (en) * | 2003-05-29 | 2008-05-22 | Mindshare Design, Inc. | Systems and Methods for Automatically Updating Electronic Mail Access Lists |
US20040243678A1 (en) * | 2003-05-29 | 2004-12-02 | Mindshare Design, Inc. | Systems and methods for automatically updating electronic mail access lists |
US7657599B2 (en) | 2003-05-29 | 2010-02-02 | Mindshare Design, Inc. | Systems and methods for automatically updating electronic mail access lists |
US7757277B2 (en) | 2003-06-05 | 2010-07-13 | International Business Machines Corporation | System and method for representing multiple security groups as a single data object |
US20050021952A1 (en) * | 2003-06-05 | 2005-01-27 | International Business Machines Corporation | System and method for representing multiple security groups as a single data object |
US7480798B2 (en) * | 2003-06-05 | 2009-01-20 | International Business Machines Corporation | System and method for representing multiple security groups as a single data object |
US20090100510A1 (en) * | 2003-06-05 | 2009-04-16 | International Business Machines Corporation | System and Method for Representing Multiple Security Groups as a Single Data Object |
EP1492267A2 (en) * | 2003-06-24 | 2004-12-29 | Alcatel | Apparatus and method for evaluating in real-time a network policy |
EP1492267A3 (en) * | 2003-06-24 | 2005-01-12 | Alcatel | Apparatus and method for evaluating in real-time a network policy |
US20050015448A1 (en) * | 2003-07-15 | 2005-01-20 | Mindshare Design, Inc. | Systems and methods for automatically updating electronic mail access lists |
US7562119B2 (en) | 2003-07-15 | 2009-07-14 | Mindshare Design, Inc. | Systems and methods for automatically updating electronic mail access lists |
US20050097351A1 (en) * | 2003-10-10 | 2005-05-05 | Bea Systems, Inc. | Security provider development model |
US20050102401A1 (en) * | 2003-10-10 | 2005-05-12 | Bea Systems, Inc. | Distributed enterprise security system for a resource hierarchy |
US20050097166A1 (en) * | 2003-10-10 | 2005-05-05 | Bea Systems, Inc. | Policy inheritance through nested groups |
US20050102536A1 (en) * | 2003-10-10 | 2005-05-12 | Bea Systems, Inc. | Dynamically configurable distributed security system |
US20050251852A1 (en) * | 2003-10-10 | 2005-11-10 | Bea Systems, Inc. | Distributed enterprise security system |
US20050097353A1 (en) * | 2003-10-10 | 2005-05-05 | Bea Systems, Inc. | Policy analysis tool |
US20050102535A1 (en) * | 2003-10-10 | 2005-05-12 | Bea Systems, Inc. | Distributed security system with security service providers |
US20050102510A1 (en) * | 2003-10-10 | 2005-05-12 | Bea Systems, Inc. | Delegation in a distributed security system |
US20050097352A1 (en) * | 2003-10-10 | 2005-05-05 | Bea Systems, Inc. | Embeddable security service module |
US20050081063A1 (en) * | 2003-10-10 | 2005-04-14 | Bea Systems, Inc. | Delegated administration for a distributed security system |
US20050251851A1 (en) * | 2003-10-10 | 2005-11-10 | Bea Systems, Inc. | Configuration of a distributed security system |
US20050097350A1 (en) * | 2003-10-10 | 2005-05-05 | Bea Systems, Inc. | Security control module |
US20050257245A1 (en) * | 2003-10-10 | 2005-11-17 | Bea Systems, Inc. | Distributed security system with dynamic roles |
US20050081055A1 (en) * | 2003-10-10 | 2005-04-14 | Bea Systems, Inc. | Dynamically configurable distributed security system |
US7644432B2 (en) * | 2003-10-10 | 2010-01-05 | Bea Systems, Inc. | Policy inheritance through nested groups |
US7594112B2 (en) | 2003-10-10 | 2009-09-22 | Bea Systems, Inc. | Delegated administration for a distributed security system |
US7594224B2 (en) | 2003-10-10 | 2009-09-22 | Bea Systems, Inc. | Distributed enterprise security system |
US7603547B2 (en) | 2003-10-10 | 2009-10-13 | Bea Systems, Inc. | Security control module |
US7603548B2 (en) | 2003-10-10 | 2009-10-13 | Bea Systems, Inc. | Security provider development model |
US20050114516A1 (en) * | 2003-11-21 | 2005-05-26 | Smith Steven J. | Systems and methods for automatically updating electronic mail access lists |
US7660857B2 (en) | 2003-11-21 | 2010-02-09 | Mindshare Design, Inc. | Systems and methods for automatically updating electronic mail access lists |
US8930509B2 (en) | 2003-12-19 | 2015-01-06 | International Business Machines Corporation | Real-time feedback for policies for computing system management |
US20100198958A1 (en) * | 2003-12-19 | 2010-08-05 | International Business Machines Corporation | Real-time feedback for policies for computing system management |
US8307060B2 (en) | 2003-12-19 | 2012-11-06 | International Business Machines Corporation | Real-time feedback for policies for computing system management |
US20050138317A1 (en) * | 2003-12-19 | 2005-06-23 | Cannon David M. | Real-time feedback for policies for computing system management |
US7734750B2 (en) | 2003-12-19 | 2010-06-08 | International Business Machines Corporation | Real-time feedback for policies for computing system management |
US20050188295A1 (en) * | 2004-02-25 | 2005-08-25 | Loren Konkus | Systems and methods for an extensible administration tool |
US20050198273A1 (en) * | 2004-03-04 | 2005-09-08 | International Business Machines Corporation | Event ownership assigner with failover for multiple event server system |
US8224937B2 (en) | 2004-03-04 | 2012-07-17 | International Business Machines Corporation | Event ownership assigner with failover for multiple event server system |
US20050229236A1 (en) * | 2004-04-06 | 2005-10-13 | Bea Systems, Inc. | Method for delegated adminstration |
US7774601B2 (en) | 2004-04-06 | 2010-08-10 | Bea Systems, Inc. | Method for delegated administration |
US7236975B2 (en) | 2004-04-13 | 2007-06-26 | Bea Systems, Inc. | System and method for controlling access to anode in a virtual content repository that integrates a plurality of content repositories |
US20060041558A1 (en) * | 2004-04-13 | 2006-02-23 | Mccauley Rodney | System and method for content versioning |
US7580953B2 (en) | 2004-04-13 | 2009-08-25 | Bea Systems, Inc. | System and method for schema lifecycles in a virtual content repository that integrates a plurality of content repositories |
US20050251504A1 (en) * | 2004-04-13 | 2005-11-10 | Bea Systems, Inc. | System and method for custom content lifecycles |
US20050234849A1 (en) * | 2004-04-13 | 2005-10-20 | Bea Systems, Inc. | System and method for content lifecycles |
US7475091B2 (en) | 2004-04-13 | 2009-01-06 | Bea Systems, Inc. | System and method for viewing a virtual content repository |
US7236989B2 (en) | 2004-04-13 | 2007-06-26 | Bea Systems, Inc. | System and method for providing lifecycles for custom content in a virtual content repository |
US20050251505A1 (en) * | 2004-04-13 | 2005-11-10 | Bea Systems, Inc. | System and method for information lifecycle workflow integration |
US7240076B2 (en) | 2004-04-13 | 2007-07-03 | Bea Systems, Inc. | System and method for providing a lifecycle for information in a virtual content repository |
US7246138B2 (en) | 2004-04-13 | 2007-07-17 | Bea Systems, Inc. | System and method for content lifecycles in a virtual content repository that integrates a plurality of content repositories |
US20050251506A1 (en) * | 2004-04-13 | 2005-11-10 | Bea Systems, Inc. | System and method for providing content services to a repository |
US20050251502A1 (en) * | 2004-04-13 | 2005-11-10 | Bea Systems, Inc. | System and method for virtual content repository entitlements |
US20050234942A1 (en) * | 2004-04-13 | 2005-10-20 | Bea Systems, Inc. | System and method for content and schema lifecycles |
US20050228816A1 (en) * | 2004-04-13 | 2005-10-13 | Bea Systems, Inc. | System and method for content type versions |
US7236990B2 (en) | 2004-04-13 | 2007-06-26 | Bea Systems, Inc. | System and method for information lifecycle workflow integration |
US20050228807A1 (en) * | 2004-04-13 | 2005-10-13 | Bea Systems, Inc. | System and method for content lifecycles |
US7162504B2 (en) | 2004-04-13 | 2007-01-09 | Bea Systems, Inc. | System and method for providing content services to a repository |
US20060028252A1 (en) * | 2004-04-13 | 2006-02-09 | Bea Systems, Inc. | System and method for content type management |
US20050228784A1 (en) * | 2004-04-13 | 2005-10-13 | Bea Systems, Inc. | System and method for batch operations in a virtual content repository |
US20050283583A1 (en) * | 2004-05-11 | 2005-12-22 | Hitachi, Ltd. | System and method for configuration management of storage system |
US7373476B2 (en) * | 2004-05-11 | 2008-05-13 | Hitachi, Ltd. | System and method for configuration management of storage system |
US20080209158A1 (en) * | 2004-05-11 | 2008-08-28 | Hitachi, Ltd. | System and Method for Configuration Management of Storage System |
US20050256899A1 (en) * | 2004-05-14 | 2005-11-17 | Bea Systems, Inc. | System and method for representing hierarchical data structures |
US20050257172A1 (en) * | 2004-05-14 | 2005-11-17 | Bea Systems, Inc. | Interface for filtering for portal and webserver administration |
US20050257154A1 (en) * | 2004-05-14 | 2005-11-17 | Bea Systems, Inc. | Graphical association of elements for portal and webserver administration |
US20050256906A1 (en) * | 2004-05-14 | 2005-11-17 | Bea Systems, Inc. | Interface for portal and webserver administration-efficient updates |
US20050289104A1 (en) * | 2004-06-29 | 2005-12-29 | International Business Machines Corporation | Dynamic user interface creation based on user responsibilities and company policies |
US7533097B2 (en) * | 2004-06-29 | 2009-05-12 | International Business Machines Corporation | Dynamic user interface creation based on user responsibilities and company policies |
US8078707B1 (en) * | 2004-11-12 | 2011-12-13 | Juniper Networks, Inc. | Network management using hierarchical domains |
US20060123026A1 (en) * | 2004-11-18 | 2006-06-08 | Bea Systems, Inc. | Client server conversion for representing hierarchical data structures |
US7783670B2 (en) | 2004-11-18 | 2010-08-24 | Bea Systems, Inc. | Client server conversion for representing hierarchical data structures |
US7478419B2 (en) * | 2005-03-09 | 2009-01-13 | Sun Microsystems, Inc. | Automated policy constraint matching for computing resources |
US20060206440A1 (en) * | 2005-03-09 | 2006-09-14 | Sun Microsystems, Inc. | Automated policy constraint matching for computing resources |
US20060212407A1 (en) * | 2005-03-17 | 2006-09-21 | Lyon Dennis B | User authentication and secure transaction system |
US20060277220A1 (en) * | 2005-03-28 | 2006-12-07 | Bea Systems, Inc. | Security data redaction |
US8086615B2 (en) | 2005-03-28 | 2011-12-27 | Oracle International Corporation | Security data redaction |
US20060224628A1 (en) * | 2005-03-29 | 2006-10-05 | Bea Systems, Inc. | Modeling for data services |
US7748027B2 (en) | 2005-05-11 | 2010-06-29 | Bea Systems, Inc. | System and method for dynamic data redaction |
US20060259954A1 (en) * | 2005-05-11 | 2006-11-16 | Bea Systems, Inc. | System and method for dynamic data redaction |
US8272058B2 (en) | 2005-07-29 | 2012-09-18 | Bit 9, Inc. | Centralized timed analysis in a network security system |
US8782800B2 (en) | 2005-07-29 | 2014-07-15 | Bit9, Inc. | Parametric content control in a network security system |
US8984636B2 (en) | 2005-07-29 | 2015-03-17 | Bit9, Inc. | Content extractor and analysis system |
US7895651B2 (en) | 2005-07-29 | 2011-02-22 | Bit 9, Inc. | Content tracking in a network security system |
US20070073663A1 (en) * | 2005-09-26 | 2007-03-29 | Bea Systems, Inc. | System and method for providing full-text searching of managed content |
US7917537B2 (en) | 2005-09-26 | 2011-03-29 | Oracle International Corporation | System and method for providing link property types for content management |
US20070073638A1 (en) * | 2005-09-26 | 2007-03-29 | Bea Systems, Inc. | System and method for using soft links to managed content |
US7818344B2 (en) | 2005-09-26 | 2010-10-19 | Bea Systems, Inc. | System and method for providing nested types for content management |
US10567975B2 (en) | 2005-10-04 | 2020-02-18 | Hoffberg Family Trust 2 | Multifactorial optimization system and method |
USRE49334E1 (en) | 2005-10-04 | 2022-12-13 | Hoffberg Family Trust 2 | Multifactorial optimization system and method |
US8019845B2 (en) | 2006-06-05 | 2011-09-13 | International Business Machines Corporation | Service delivery using profile based management |
US20070282986A1 (en) * | 2006-06-05 | 2007-12-06 | Childress Rhonda L | Rule and Policy Promotion Within A Policy Hierarchy |
US20070282985A1 (en) * | 2006-06-05 | 2007-12-06 | Childress Rhonda L | Service Delivery Using Profile Based Management |
US7747736B2 (en) * | 2006-06-05 | 2010-06-29 | International Business Machines Corporation | Rule and policy promotion within a policy hierarchy |
US20080072280A1 (en) * | 2006-08-30 | 2008-03-20 | Tardo Joseph J | Method and system to control access to a secure asset via an electronic communications network |
US8136150B2 (en) | 2006-09-22 | 2012-03-13 | Oracle International Corporation | User role mapping in web applications |
US7886352B2 (en) | 2006-09-22 | 2011-02-08 | Oracle International Corporation | Interstitial pages |
US20080313728A1 (en) * | 2006-09-22 | 2008-12-18 | Bea Systems, Inc. | Interstitial pages |
US20080077809A1 (en) * | 2006-09-22 | 2008-03-27 | Bea Systems, Inc. | Credential Vault Encryption |
US7861290B2 (en) | 2006-09-22 | 2010-12-28 | Oracle International Corporation | Non-invasive insertion of pagelets |
US8397283B2 (en) | 2006-09-22 | 2013-03-12 | Oracle International Corporation | User role mapping in web applications |
US20080077983A1 (en) * | 2006-09-22 | 2008-03-27 | Bea Systems, Inc. | Non-invasive insertion of pagelets |
US7865943B2 (en) | 2006-09-22 | 2011-01-04 | Oracle International Corporation | Credential vault encryption |
US20080250388A1 (en) * | 2006-09-22 | 2008-10-09 | Bea Systems, Inc. | Pagelets in adaptive tags |
US20080077981A1 (en) * | 2006-09-22 | 2008-03-27 | Bea Systems, Inc. | Pagelets in adaptive tags in non-portal reverse proxy |
US7861289B2 (en) | 2006-09-22 | 2010-12-28 | Oracle International Corporation | Pagelets in adaptive tags in non-portal reverse proxy |
US20080077980A1 (en) * | 2006-09-22 | 2008-03-27 | Bea Systems, Inc. | Pagelets |
US7904953B2 (en) | 2006-09-22 | 2011-03-08 | Bea Systems, Inc. | Pagelets |
US20110047611A1 (en) * | 2006-09-22 | 2011-02-24 | Bea Systems, Inc. | User Role Mapping in Web Applications |
US20080077982A1 (en) * | 2006-09-22 | 2008-03-27 | Bea Systems, Inc. | Credential vault encryption |
US20090133026A1 (en) * | 2007-11-20 | 2009-05-21 | Aggarwal Vijay K | Method and system to identify conflicts in scheduling data center changes to assets |
US8635618B2 (en) * | 2007-11-20 | 2014-01-21 | International Business Machines Corporation | Method and system to identify conflicts in scheduling data center changes to assets utilizing task type plugin with conflict detection logic corresponding to the change request |
US20100127677A1 (en) * | 2008-03-19 | 2010-05-27 | Yazaki Corporation | Electric power supply device |
US9201669B2 (en) * | 2009-05-03 | 2015-12-01 | Blackberry Limited | Systems and methods for mobility server administration |
US20100281487A1 (en) * | 2009-05-03 | 2010-11-04 | Research In Motion Limited | Systems and methods for mobility server administration |
WO2010127433A1 (en) * | 2009-05-03 | 2010-11-11 | Research In Motion Limited | Systems and methods for mobility server administration |
US8966017B2 (en) * | 2009-07-09 | 2015-02-24 | Novell, Inc. | Techniques for cloud control and management |
US20110010339A1 (en) * | 2009-07-09 | 2011-01-13 | Wipfel Robert A | Techniques for cloud control and management |
US20150207684A1 (en) * | 2009-07-09 | 2015-07-23 | Novell, Inc. | Techniques for cloud control and management |
US10560330B2 (en) | 2009-07-09 | 2020-02-11 | Micro Focus Software Inc. | Techniques for cloud control and management |
US9736026B2 (en) * | 2009-07-09 | 2017-08-15 | Micro Focus Software Inc. | Techniques for cloud control and management |
US8984624B2 (en) | 2010-01-08 | 2015-03-17 | Microsoft Technology Licensing, Llc | Resource access based on multiple scope levels |
US20110173679A1 (en) * | 2010-01-08 | 2011-07-14 | Microsoft Corporation | Resource access based on multiple scope levels |
US8464319B2 (en) | 2010-01-08 | 2013-06-11 | Microsoft Corporation | Resource access based on multiple scope levels |
US10791145B2 (en) | 2010-11-24 | 2020-09-29 | Oracle International Corporation | Attaching web service policies to a group of policy subjects |
US9021055B2 (en) | 2010-11-24 | 2015-04-28 | Oracle International Corporation | Nonconforming web service policy functions |
US9742640B2 (en) | 2010-11-24 | 2017-08-22 | Oracle International Corporation | Identifying compatible web service policies |
US8973117B2 (en) | 2010-11-24 | 2015-03-03 | Oracle International Corporation | Propagating security identity information to components of a composite application |
US20120131164A1 (en) * | 2010-11-24 | 2012-05-24 | Oracle International Corporation | Attaching web service policies to a group of policy subjects |
US9589145B2 (en) * | 2010-11-24 | 2017-03-07 | Oracle International Corporation | Attaching web service policies to a group of policy subjects |
US9122765B1 (en) * | 2010-12-22 | 2015-09-01 | Vmware, Inc. | Efficient overcommitment of main-memory based virtual database system to disk |
US9262176B2 (en) | 2011-05-31 | 2016-02-16 | Oracle International Corporation | Software execution using multiple initialization modes |
US20140230012A1 (en) * | 2011-08-15 | 2014-08-14 | Arizona Board of Regents for and behalf of Arizona State University | Systems, methods, and media for policy-based monitoring and controlling of applications |
US9043864B2 (en) | 2011-09-30 | 2015-05-26 | Oracle International Corporation | Constraint definition for conditional policy attachments |
US9003478B2 (en) | 2011-09-30 | 2015-04-07 | Oracle International Corporation | Enforcement of conditional policy attachments |
US8914843B2 (en) | 2011-09-30 | 2014-12-16 | Oracle International Corporation | Conflict resolution when identical policies are attached to a single policy subject |
US9055068B2 (en) | 2011-09-30 | 2015-06-09 | Oracle International Corporation | Advertisement of conditional policy attachments |
US9088571B2 (en) | 2011-09-30 | 2015-07-21 | Oracle International Corporation | Priority assignments for policy attachments |
US9143511B2 (en) | 2011-09-30 | 2015-09-22 | Oracle International Corporation | Validation of conditional policy attachments |
US9027077B1 (en) * | 2012-04-30 | 2015-05-05 | Palo Alto Networks, Inc. | Deploying policy configuration across multiple security devices through hierarchical configuration templates |
US20150281285A1 (en) * | 2012-04-30 | 2015-10-01 | Palo Alto Networks, Inc. | Deploying policy configuration across multiple security devices through hierarchical configuration templates |
US9503480B2 (en) * | 2012-04-30 | 2016-11-22 | Palo Alto Networks, Inc. | Deploying policy configuration across multiple security devices through hierarchical configuration templates |
US20140115138A1 (en) * | 2012-10-18 | 2014-04-24 | International Business Machines Corporation | Recommending a policy for an it asset |
US9215144B2 (en) | 2012-10-18 | 2015-12-15 | International Business Machines Corporation | Recommending a policy for an IT asset |
US9210043B2 (en) * | 2012-10-18 | 2015-12-08 | International Business Machines Corporation | Recommending a policy for an IT asset |
US9246752B2 (en) | 2013-06-18 | 2016-01-26 | International Business Machines Corporation | Ensuring health and compliance of devices |
US9626123B2 (en) | 2013-06-18 | 2017-04-18 | International Business Machines Corporation | Ensuring health and compliance of devices |
US9456005B2 (en) | 2013-06-18 | 2016-09-27 | International Business Machines Corporation | Ensuring health and compliance of devices |
US9049231B2 (en) * | 2013-07-17 | 2015-06-02 | Iboss, Inc. | Location based network usage policies |
US20150026240A1 (en) * | 2013-07-17 | 2015-01-22 | Iboss, Inc. | Location based network usage policies |
US9225790B2 (en) | 2013-07-17 | 2015-12-29 | Iboss, Inc. | Location based network usage policies |
EP3133507A1 (en) | 2015-03-31 | 2017-02-22 | Secude AG | Context-based data classification |
EP3196798A1 (en) | 2016-01-19 | 2017-07-26 | Secude AG | Context-sensitive copy and paste block |
US11086613B2 (en) * | 2019-07-22 | 2021-08-10 | Capital One Services, Llc | Automated bucket policy management arrangements |
CN113760790A (en) * | 2021-09-08 | 2021-12-07 | 东莞市海能电子有限公司 | Docking station information instruction configuration and transmission method and device and docking station |
WO2023183025A1 (en) * | 2022-03-23 | 2023-09-28 | Hewlett-Packard Development Company, L.P. | Control of configuration of image forming apparatus by group policy in hierarchical structure of groups |
Also Published As
Publication number | Publication date |
---|---|
EP0752652A3 (en) | 1997-01-22 |
DE69601149D1 (en) | 1999-01-28 |
DE69601149T2 (en) | 1999-08-05 |
JPH0969077A (en) | 1997-03-11 |
EP0752652B1 (en) | 1998-12-16 |
EP0752652A2 (en) | 1997-01-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US5797128A (en) | System and method for implementing a hierarchical policy for computer system administration | |
US6289458B1 (en) | Per property access control mechanism | |
US8117230B2 (en) | Interfaces and methods for group policy management | |
EP1460565B1 (en) | Method and system for uniformly accessing multiple directory services | |
US5778222A (en) | Method and system for managing access to objects | |
JP3670965B2 (en) | Client / server system for maintaining application preferences in a hierarchical data structure according to user and user group or terminal and terminal group context | |
US6772350B1 (en) | System and method for controlling access to resources in a distributed environment | |
US5838918A (en) | Distributing system configuration information from a manager machine to subscribed endpoint machines in a distrubuted computing environment | |
US6535879B1 (en) | Access control via properties system | |
US6606627B1 (en) | Techniques for managing resources for multiple exclusive groups | |
US5720033A (en) | Security platform and method using object oriented rules for computer-based systems using UNIX-line operating systems | |
US7653930B2 (en) | Method for role and resource policy management optimization | |
US6442584B1 (en) | Methods for resource consolidation in a computing environment | |
US6917975B2 (en) | Method for role and resource policy management | |
JP4571746B2 (en) | System and method for selectively defining access to application functions | |
US6625603B1 (en) | Object type specific access control | |
US5701458A (en) | System and method for managing arbitrary subsets of access control lists in a computer network | |
US5335346A (en) | Access control policies for an object oriented database, including access control lists which span across object boundaries | |
US6772159B1 (en) | System and method for disconnected database access by heterogeneous clients | |
US7752205B2 (en) | Method and system for interacting with a virtual content repository | |
US8396846B2 (en) | Database trigger modification system and method | |
US7325017B2 (en) | Method of implementation of data storage quota | |
JPH07210442A (en) | Unification of directory service with file system service | |
US8316051B1 (en) | Techniques for adding multiple security policies to a database system | |
US20030041154A1 (en) | System and method for controlling UNIX group access using LDAP |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
FEPP | Fee payment procedure |
Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Free format text: PAYER NUMBER DE-ASSIGNED (ORIGINAL EVENT CODE: RMPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
FPAY | Fee payment |
Year of fee payment: 4 |
|
REMI | Maintenance fee reminder mailed | ||
FPAY | Fee payment |
Year of fee payment: 8 |
|
REMI | Maintenance fee reminder mailed | ||
LAPS | Lapse for failure to pay maintenance fees | ||
STCH | Information on status: patent discontinuation |
Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362 |
|
FP | Lapsed due to failure to pay maintenance fee |
Effective date: 20100818 |